🔥 3-day streak
AWS Certified Security - Specialty48 / 157
Question 48 of 157

During an incident, an EC2 instance is confirmed compromised. Before terminating it, the IR team must ensure that any credentials issued through the instance's IAM role are rendered useless, while preserving the instance's EBS volumes and memory for forensic analysis. The instance runs a critical workload, so responders want to stop attacker use of the role credentials as quickly as possible without waiting for the temporary credentials to naturally expire. Which action most effectively invalidates already-issued temporary credentials from the instance role?

Reviewed for accuracy · Report an issueNext question