AWS DevOps Engineer Professional Practice Test

In configuring an Elastic Beanstalk environment, where are IAM permissions utilized?

• A. Network settings and user roles
• B. Service roles and instance profiles
• C. Load balancer settings and scaling policies
• D. Security groups and VPC settings

The correct answer is: Service roles and instance profiles

IAM permissions play a crucial role in defining access and security policies within an AWS Elastic Beanstalk environment. By utilizing service roles and instance profiles, you grant the Elastic Beanstalk environment the appropriate permissions it needs to interact with other AWS services securely. Service roles are necessary for enabling Elastic Beanstalk to manage related resources like EC2 instances, Auto Scaling, and other services on your behalf. For example, when deploying an application, the environment might need to access an S3 bucket for files or interact with DynamoDB for database operations. The service role defines what permissions Elastic Beanstalk has to make those interactions, ensuring that it operates within the limits of least privilege. Instance profiles link to the EC2 instances running your application and provide permissions directly to those instances. This is essential for applications that require access to AWS resources during their execution, such as writing logs to CloudWatch or reading from S3. In contrast, while network settings and user roles, load balancer settings and scaling policies, or security groups and VPC settings are critical aspects of environment configuration, they do not involve IAM permissions as fundamentally as service roles and instance profiles do. These aspects focus more on architecture and resource management rather than defining access and permissions necessary for smooth operation within