Your system recently experienced down time. During the troubleshooting process you found that
a new administrator mistakenly terminated several production EC2 instances.
Which of the following strategies will help prevent a similar situation in the future?
The administrator still must be able to:
– launch, start, stop, and terminate development resources,
– launch and start production instances.
A.
Leverage EC2 termination protection and multi-factor authentication, which together require users
to authenticate before terminating EC2 instances.
B.
Leverage resource based tagging, along with an IAM user which can prevent specific users from
terminating production EC2 resources.
C.
Create an IAM user which is not allowed to terminate instances by leveraging production EC2
termination protection.
D.
Create an IAM user and apply an IAM role which prevents users from terminating production EC2
instances.
Explanation:
http://blogs.aws.amazon.com/security/post/Tx29HCT3ABL7LP3/Resource-level-Permissions-forEC2-Controlling-Management-Access-on-Specific-Ins
https://aws.amazon.com/blogs/security/resource-level-permissions-for-ec2-controlling-management-access-on-specific-instances/