Correct answer - "Fix the IAM permissions for the EC2 instance role" : You should use an IAM role
to manage temporary credentials for applications that run on an EC2 instance. When you use a
role, you don't have to distribute long-term credentials (such as a user name and password or
access keys) to an EC2 instance. Instead, the role supplies temporary permissions that
applications can use when they make calls to other AWS resources. In this case make sure your
role has access to the S3 bucket.
"Fix the IAM permissions for the CodeDeploy service role" - The fact that CodeDeploy deployed the
application to EC2 instances tells us that there was no issue between those two, the issue here
is between the EC2 instances and S3
"Make the S3 bucket public" - This is not a good practice, you should strive to do least
privilege access. You may have files in here that should not be allowed public access and you
are opening the door to security breaches
"Enable CodeDeploy Proxy" - False, we don't need to look into CodeDeploy settings but rather
between EC2 and S3 permissions
For more information visit