AWS SAP-C00 Certified Solution Architect Professional Exam Set 10

An administrator is using Amazon CloudFormation to deploy a three-tier web application that consists of a web tier and an application tier that will utilize Amazon DynamoDB for storage. When creating the CloudFormation template, which of the following would allow the application instance access to the DynamoDB tables without exposing API credentials?


Options are:

  • Create an Identity and Access Management role that has the required permissions to read and write from the required DynamoDB table and reference the role in the instance profile property of the application instance. (Correct)
  • Use the Parameter section in the CloudFormation template to have the user input access and secret keys from an already created IAM user that has the permissions required to read and write from the required DynamoDB table.
  • Create an Identity and Access Management role that has the required permissions to read and write from the required DynamoDB table and associate the role to the application instances by referencing an instance profile.
  • Create an Identity and Access Management user in the CloudFormation template that has permissions to read and write from the required DynamoDB table, use the Get Attribute function to retrieve the access and secret keys, and pass them to the application instance through user data.

Answer: Create an Identity and Access Management role that has the required permissions to read and write from the required DynamoDB table and reference the role in the instance profile property of the application instance.
