A solutions architect has created two IAM policies: Policy1 and Policy2. Both policies are attached to an IAM group. A cloud engineer is added as an IAM user to the IAM group. Which action will the cloud engineer be able to perform?
The answer is C. There is an explicit DENY on deleting directories in the second policy. So the only thing that can be deleted is EC2 instances as per the permission in the first policy.
As per the permission on Policy 1, the Cloud Engineer has full permission for EC2 instances. rest he will have limited permission.
iam - Get & List
kms - List
ec2 - All
ds - All (Directory Service)
logs - Get & Describe
resource - all
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Paitan
Highly Voted 3 years, 8 months agoKarthik_Krishnamoorthy
Highly Voted 3 years, 8 months agonoahsark
3 years, 7 months agoPhilMultiCloud
Most Recent 3 years, 7 months agoastromelon
3 years, 7 months agoPhilMultiCloud
3 years, 7 months agoKenisworld666
3 years, 7 months agowoke
3 years, 7 months agosyu31svc
3 years, 7 months agomryala
3 years, 7 months agoAnkitrathi85
3 years, 7 months agoElias23
3 years, 7 months agoarunchu
3 years, 7 months agoanpt
3 years, 8 months agovenh123
3 years, 8 months agolunamycat
3 years, 8 months agoppptttio89
3 years, 8 months agoMFDOOM
3 years, 8 months agopeterjohn
3 years, 8 months agocharlyAws
3 years, 8 months ago