AWS Solutions Architect Associate Practice Test

How can a company deploy an IAM role with privileges to EC2 instances in a new AWS region?

• A. Create a new IAM role and associated policies within the new region
• B. Assign the existing IAM role to the Amazon EC2 instances in the new region
• C. Copy the IAM role to the new region and attach it to the instances
• D. Create an Amazon Machine Image (AMI) and copy it to the desired region

The correct answer is: Assign the existing IAM role to the Amazon EC2 instances in the new region

The choice of assigning the existing IAM role to the Amazon EC2 instances in the new region is viable because IAM roles are not tied to specific regions. Instead, they are global resources in AWS. When an IAM role is created, it can be referenced and used in any region across the AWS account. This allows for the flexibility of utilizing the role's permissions without needing to recreate it in each region. As long as the role is correctly defined with the necessary permissions for EC2 operations, it can be assigned to instances regardless of the region in which they are launched. This approach simplifies the management of IAM roles, as it avoids duplication and potential inconsistencies between roles in different regions. It ensures that the same security and permission model is employed across regions, simplifying audits and compliance measures. Creating a new IAM role and associated policies within the new region introduces unnecessary effort and complexity, as it involves setting up the permissions again, which could lead to mismatches or oversight. Copying the IAM role to the new region isn't practical since IAM roles are not physical entities that can be duplicated; they exist as global resources managed centrally. Lastly, creating an Amazon Machine Image (AMI) and copying it to the desired region pertains to deploying software or instances rather than directly managing