AWS Certified SysOps Administrator SOA-C01 – Question637

An application running on Amazon EC2 instances needs to write files to an Amazon S3 bucket.
What is the MOST secure way to grant the application access to the S3 bucket?

A.
Create an IAM user with the necessary privileges. Generate an access key and embed the key in the code running on the EC2 instances.
B. Install secure FTP (SFTP) software on the EC2 instances. Use an AWS Lambda function to copy the files from the EC2 instances to Amazon S3 using SFTP.
C. Create an IAM role with the necessary privileges. Associate the role with the EC2 instances at launch.
D. Use rsync and cron to set up the transfer of files from the EC2 instances to the S3 bucket. Enable AWS Shield to protect the data.

Correct Answer: C