As a cloud engineer, you have been assigned to a project where an application must sign its AWS API requests with AWS credentials. You are working with IAM roles for Amazon ECS tasks to use them in the containers in a task. What statement is not true in this context?

Answer options:

A.Containers that are running on your container instances are prevented accordingly from accessing the credentials that are supplied to the container instance profile.
B.It is recommended to limit the permissions in your container instance role to the minimal list of permissions in AmazonEC2ContainerServiceforEC2Role role e.g. ecs:CreateCluster, ecr:GetAuthorizationToken.
C.Set the ECS_AWSVPC_BLOCK_IMDS agent configuration variable to true in the agent configuration file and restart the agent to protect credential information supplied to the container instance profile.
D.You define the IAM role to use in your task definitions, or you can use a taskRoleArn override when running a task manually with the RunTask API operation.

Correct Answer: A
The statement is false because containers running on your container instances are not prevented from accessing the credentials supplied to the container instance profile.
Incorrect Answers:
Options B, C, and D are incorrect answers because they are true in this context.
References:
https://amzn.to/2Xv7vTg