Is there a method in the IAM system to allow or deny access to a specific instance?
A.
Only for VPC based instances
B.
Yes
C.
No
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-evaldenyallow
– By default, all requests are denied. (In general, requests made using the account credentials for resources in
the account are always allowed.)
– An explicit allow overrides this default.
– An explicit deny overrides any allows.
C
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
Its C
https://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html#UseCase_EC2