A SysOps administrator is investigating why an EC2 instance cannot access an S3 bucket using an IAM role. The instance has an associated IAM role with a policy that allows s3:GetObject on the bucket. The bucket policy also allows access from the role. However, the instance's application still gets access denied. What is the most likely cause?
If the role is not attached to the instance profile, the instance cannot assume the role and will not have permissions.
Why this answer
The instance profile must be correctly attached to the EC2 instance. Option C is correct because if the role is not properly associated with the instance profile, the instance will not have the necessary credentials.
Option A is wrong because the S3 endpoint is not required for access via the internet. Option B is wrong because the bucket policy allows the role. Option D is wrong because the role already has the GetObject permission.