AWS Certified Security - Specialty (#69)

An application makes calls to AWS services using the AWS SDK. The application runs on Amazon EC2 instances with an associated IAM role. When the application attempts to access an object within an Amazon S3 bucket; the Administrator receives the following error message: HTTP 403: Access Denied. Which combination of steps should the Administrator take to troubleshoot this issue? (Select three.)

Confirm that the EC2 instance's security group authorizes S3 access.
Verify that the KMS key policy allows decrypt access for the KMS key for this IAM principle.
Check the S3 bucket policy for statements that deny access to objects.
Confirm that the EC2 instance is using the correct key pair.
Confirm that the IAM role associated with the EC2 instance has the proper privileges.
Confirm that the instance and the S3 bucket are in the same Region.