AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company is deploying a three-tier web application consisting of a web server tier, an application server tier, and a database tier. How should the organization restrict each tier to only the permissions necessary for its specific operations?
Distribute administrative credentials to instances in all tiers, ensuring they have sufficient permissions for any action they might need to perform.
Employ root user credentials for all instances to maintain simplicity in permissions management and ensure full access to resources.
Remove all permissions from instances in each tier to maximize security and prevent potential security incidents.
Assign tailored IAM roles to each EC2 instance in the respective tiers with only the permissions necessary for their functions.
Assigning a tailored IAM role to each tier's EC2 instances implements fine-grained access control: each tier operates with only the permissions necessary for its duties. This strict adherence to the principle of least privilege prevents excessive permissions that could be exploited in case of a security breach. Providing overarching administrative credentials to all tiers, using root account access, and stripping all permissions each contradict the security best practice of granting the least privilege needed to perform required functions and are, therefore, incorrect.
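As an added illustration (not part of the original question), the Python check below audits the policy attached to one tier's role against the actions that tier needs, flagging the over-broad grant, the empty grant, and anything outside the tier's duties. The policy documents, resource names, account ID and required-action lists are constructed for the example.

```python
import fnmatch

# Constructed policy documents; bucket, queue and account values are placeholders.
WEB = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-static-assets/*"}]}
APP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
     "Resource": "arn:aws:sqs:us-east-1:111122223333:example-orders"}]}
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
EMPTY = {"Version": "2012-10-17", "Statement": []}


def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def _matches(action, pattern):
    """IAM action names are case-insensitive and support * and ? wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def audit(policy, required):
    """Compare the Allow statements of one tier's policy with the actions it needs.

    Simplification: Deny statements and Condition blocks are not evaluated.
    """
    findings, granted = [], []
    statements = policy.get("Statement", [])
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction: allows everything except the listed actions")
            continue
        for pattern in _as_list(stmt.get("Action", [])):
            granted.append(pattern)
            if not any(_matches(r, pattern) for r in required):
                findings.append(f"excess: {pattern}")
            elif "*" in pattern or "?" in pattern:
                findings.append(f"wildcard: {pattern}")
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append("unscoped resource: *")
    for r in required:
        if not any(_matches(r, g) for g in granted):
            findings.append(f"missing: {r}")
    return findings
```

An empty findings list means the role grants exactly what the tier was declared to need; the administrator-style and empty policies both fail, for opposite reasons.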