How to allow EC2 instances access to SSM Parameter Store with SecureString using default KMS CMK (select TWO)?
1. Add the EC2 instance role as a trusted service to the SSM service role
2. Add permissions to use the KMS key to decrypt to the SSM service role
3. Add permission to read the SSM parameter to the EC2 instance role
4. Add permission to use the KMS key to decrypt to the EC2 instance role
5. Add the SSM service role as a trusted service to the EC2 instance role
What is the correct answer and why?
Which answers do you think are correct and why? Are there any answers which look wrong to you? Use your knowledge and a process of elimination to try and work it out.
If others tell you the answer, it is unlikely you will learn very much. Why not take a look at the AWS documentation? The answers are out there and you’ll learn much more by trying to figure it out.