-
Timed Mode Exam 3 – Pre-signed URL question
Irene-TutorialsDojo updated 1 week ago
-
A financial company is building a new online document portal system that allows its employees and developers to upload yearly and bi-annual corporate earnings report files to a private S3 bucket in which other confidential corporate files will also be stored. You are working as a Solutions Architect and you were instructed to create the private S3 bucket as well as the IAM users for the application developers to start their work. You assigned the required policies in IAM to the developers that allow them read and write access to the S3 bucket. After a few weeks, they have completed the new online portal and hosted it on a fleet of Spot EC2 instances. One of the application developers created a pre-signed URL that points to the correct S3 bucket and, after a few tests, he has successfully uploaded the files from his laptop using the generated URL. He then made the necessary code change to the online portal to generate the pre-signed URL to upload the files in S3. However, after a few days, the development team complained that they cannot upload the files anymore using the online portal.
Which of the following options are valid reasons for this behavior? (Select TWO.)
One of the correct answers was:
The required AWS credentials in the ~/.aws/credentials configuration file located on the EC2 instances of the online portal were misconfigured.

This application runs on a fleet of EC2 Spot Instances and I worry about the pattern that is being used as a correct answer. The access Id and key would need to be stored somewhere to be deployed to the spot instances, and also having long-living credentials on an EC2 instance is generally discouraged. I understand the other options do not point to the problem, but possibly people could think this correct answer is an acceptable practice.
-
Hi jbeha,
Thank you for your feedback. This is a valid concern worth addressing.
You are correct that storing long-lived IAM credentials in the ~/.aws/credentials file on EC2 instances is not an AWS best practice. Accordingly, the recommended approach is to attach an IAM Role to the EC2 instances via an instance profile. This allows instances to automatically retrieve temporary, rotating credentials through the EC2 Instance Metadata Service (IMDS), removing the need to manage static access keys, which is especially important for Spot Instances that can be interrupted and replaced at any time.
However, the question is diagnostic in nature; it asks why the upload is failing, not how the system should be designed. Since the scenario does not mention an IAM Role being attached to the EC2 instances, the absence or misconfiguration of credentials in the ~/.aws/credentials file is a valid root cause of the failure. The key takeaway is that the proper remediation is to attach the appropriate IAM Role to the EC2 instances, not to populate the credentials file with static keys.
To make this clearer, we have updated the explanation to include guidance on using IAM Roles with instance profiles as the correct and recommended approach when deploying applications on EC2 instances that interact with AWS services such as Amazon S3.
We appreciate you taking the time to raise this. Feedback like yours helps us improve our content.
Best regards,
Irene @ Tutorials Dojo
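As an added illustration of the two points in this thread (not code from the exam or from Tutorials Dojo), the snippet below reads the SigV4 query parameters every S3 pre-signed URL carries and reports when the URL has expired and whether it was signed with a long-lived access key (the static-credentials pattern jbeha worries about) or with temporary role credentials (the instance-profile approach Irene recommends). The bucket, object key, key IDs and signatures in the sample URLs are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

# Constructed sample URLs (not real buckets or keys): one signed with a long-lived
# access key (AKIA...), one signed with temporary role credentials (ASIA... + token).
_BASE = "https://example-earnings-bucket.s3.us-east-1.amazonaws.com/reports/2024-annual.pdf"
SAMPLE_URL_STATIC = (_BASE + "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAEXAMPLEKEY0000001%2F20240601%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240601T120000Z&X-Amz-Expires=604800&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=0badc0de")
SAMPLE_URL_TEMP = (_BASE + "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=ASIAEXAMPLEKEY0000002%2F20240601%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240601T120000Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host"
    "&X-Amz-Security-Token=FwoGZXIvYXdzEXAMPLE&X-Amz-Signature=0badc0de")

def parse_amz_date(value: str) -> datetime:
    """Parse the X-Amz-Date format (e.g. 20240601T120000Z) into an aware UTC datetime."""
    return datetime.strptime(value, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)

@dataclass
class PresignedUrlInfo:
    object_key: str
    access_key_id: str
    credential_kind: str   # "long-lived" for AKIA keys, "temporary" for ASIA keys / session tokens
    signed_at: datetime
    expires_at: datetime

def inspect_presigned_url(url: str) -> PresignedUrlInfo:
    """Read the SigV4 query parameters that every S3 pre-signed URL carries."""
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}   # parse_qs also URL-decodes %2F
    access_key_id = q["X-Amz-Credential"].split("/")[0]       # "<key id>/<date>/<region>/s3/aws4_request"
    temporary = access_key_id.startswith("ASIA") or "X-Amz-Security-Token" in q
    signed_at = parse_amz_date(q["X-Amz-Date"])
    return PresignedUrlInfo(parts.path.lstrip("/"), access_key_id,
                            "temporary" if temporary else "long-lived",
                            signed_at, signed_at + timedelta(seconds=int(q["X-Amz-Expires"])))

def diagnose(url: str, now: datetime) -> list[str]:
    """Findings to check first when uploads through a pre-signed URL stop working."""
    info = inspect_presigned_url(url)
    findings = []
    if now >= info.expires_at:
        findings.append(f"expired: URL was valid until {info.expires_at.isoformat()}")
    if info.credential_kind == "long-lived":
        findings.append("signed with a long-lived access key: static credentials exist on the "
                        "signing host; move the signer to an instance-profile role")
    else:
        findings.append("signed with temporary credentials: the URL stops working when those "
                        "credentials expire, even if X-Amz-Expires is later")
    return findings
```

Run `diagnose(url, datetime.now(timezone.utc))` on a URL captured from the portal's logs to see which of the two conditions applies.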