Which is a valid Amazon Resource name (ARN) for IAM?
A.
aws:iam::123456789012:instance-profile/Webserver
B.
arn:aws:iam::123456789012:instance-profile/Webserver
C.
123456789012:aws:iam::instance-profile/Webserver
D.
arn:aws:iam::123456789012::instance-profile/Webserver
Explanation:
IAM ARNs
Most resources have a friendly name (for example, a user named Bob or a group named Developers).
However, the access policy language requires you to specify the resource or resources using the following
Amazon Resource Name (ARN) format.
arn:aws:service:region:account:resource
Where:
service identifies the AWS product. For IAM resources, this is always iam.
region is the region the resource resides in. For IAM resources, this is always left blank.
account is the AWS account ID with no hyphens (for example, 123456789012).
resource is the portion that identifies the specific resource by name.
You can use ARNs in IAM for users (IAM and federated), groups, roles, policies, instance profiles, virtual MFA
devices, and server certificates. The following table shows the ARN format for each and an example. The
region portion of the ARN is blank because IAM resources are global.
B
B
B.