This certification preparation material would help you in getting the jobs in the AWS Fields

AWS Developer Certification : Associate Level AWS Sysops Administrator Certification : Assciate Level AWS Solution Architect Certification : Associate Level AWS Soltion Architect : Professional Level AWS Certified Security Specialty (SCS-C01) AWS Professional certification Exam AWS Certified Big Data – Specialty (BDS-C00) AWS Certified Machine Learning MLS C01 Certification Prepration Materal AWS Solution Architect : Training Associate AWS Advanced Networking Certifications AWS Exam Prepare : Kinesis Data Stream Book : AWS Solution Architect Associate : Little Guide AWS Security Specialization Certification: Little Guide SCS-C01 AWS Package Deal


While applying to the Job you need to mention referred by : admin@hadoopexam.com | or Website : http://www.HadoopExam.com


 

Question-7: You are setting up credentials for various AWS services. In which of the following situation you should prefer to use IAM Role rather than direct access to service using individual account?

  1. Your organization already have in-house directory of users with their access permissions are already setup.
  2. In your AWS account to allow another AWS account permissions to access your account resources.
  3. One AWS service in your account can access another AWS service.
  4. If you have created an application which is running on EC2 instance. Application need to access AWS resources programmatically.

Ans: A, B, C, D

Detailed Explanation: IAM Roles are useful in following situation.

  1. Federated User Access
    1. If your organization is already using solution like LDAP or Microsoft active Directory, or any other identity provider for users access management. Then this users are known as federated users.
    2. This federated users can use Identity Provider.

 

  1. Cross Account access
    1. You can use an IAM Role in your AWS account to allow another AWS account permissions to access your account resources.
  2. AWS Service access
    1. If you want one service in your account can access another service. Then you can use IAM Role for that. Suppose you have to load data from S3 to Redshift cluster. Rather than using your account credentials, you will be using an IAM Role which allows Redshift to access S3 bucket on your behalf. So that it can load data from S3 bucket to Redshift cluster.
  3. Applications running on EC2 instances
    1. If you have created an application which is running on EC2 instance. Application need to access AWS resources programmatically. It is not a good idea to store your access keys on EC2 instance.
    2. You should assign an IAM Role to an EC2 instance.
  • To assign a Role to an EC2 instance, you will be creating an instance profile and then attach this profile to an EC2 instance while launching it.

An instance profile contain the role and enables application running on EC2 instance to get temporary access keys.