Correct answer - "The S3 bucket policy authorizes reads" : When evaluating an IAM policy of an
EC2 instance doing actions on S3, the union of both the IAM policy of the EC2 instance and the
bucket policy of the S3 bucket are taken into account.
Incorrect Answers -
"The EC2 instance is using cached temporary IAM credentials" - As the IAM instance role has been
removed that wouldn't be the case
"Removing an instance role from an EC2 instance can take a few minutes before being active" - It
is immediately active and even if it wasn't, it wouldn't make sense we can still do reads but
not writes.
"When a read is done on a bucket, there's a grace period of 5 minutes to do the same read again"
- This is not true. Every single request is evaluated against IAM in the AWS model.