AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An application deployed on a cloud virtual server requires interaction with object storage and a NoSQL database service. What is the recommended method to manage the application's service-specific permissions in accordance with best security practices that enforce minimal access rights?
Configure an account with administrative privileges and programmatically distribute its access keys across all server instances.
Embed long-term security credentials in the source code of the application to authorize service interactions.
Create a role with the exact permissions required by the application and attach it to the virtual server.
Utilize the cloud platform's root account to ensure uninterrupted access to necessary services.
The best security practice for managing an application's permissions is to create a role with the specific privileges needed and then attach it to the virtual server. This method supports the principle of least privilege by only granting access that is necessary for the application's function, without the need to manage or expose static credentials. Using static credentials or high-level access like the root account's credentials can lead to significant security risks, including potential unauthorized access if the credentials are compromised.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are IAM roles in AWS?
Open an interactive chat with Bash
What is the principle of least privilege?
Open an interactive chat with Bash
Why should I avoid embedding long-term credentials in my application code?