How to allow EC2 instances access to SSM Parameter Store with SecureString using default KMS CMK (select TWO)?
1. Add the EC2 instance role as a trusted service to the SSM service role
2. Add permissions to use the KMS key to decrypt to the SSM service role
3. Add permission to read the SSM parameter to the EC2 instance role
4. Add permission to use the KMS key to decrypt to the EC2 instance role
5. Add the SSM service role as a trusted service to the EC2 instance role
What is the correct answer and why?
1 Answers
Which answers do you think are correct and why? Are there any answers which look wrong to you? Use your knowledge and a process of elimination to try and work it out.
If others tell you the answer, it is unlikely you will learn very much. Why not take a look at the AWS documentation? The answers are out there and you’ll learn much more by trying to figure it out.
Good luck!
I disagree, sometimes you just need to know the right answer and can work it back as to why.
Max with questions like these where it may seem like information overload, break it into pieces to understand what they are asking. They want to know how to allow EC2 access to SSM. So just based on that 1 would be wrong since thats giving perrmission to SSM to access EC2 and not the other way around. 2 also falls under that category, its adding to SSM service role, not EC2. Learning to eliminate the wrong choices are as valuable as knowing the correct one!