What will happen when a user is requesting access from …

A user has set the IAM policy where it denies all requests if a request is not from IP
10.10.10.1/32. The other policy says allow all requests between 5 PM to 7 PM. What will happen
when a user is requesting access from IP 55.109.10.12/32 at 6 PM?

A user has set the IAM policy where it denies all requests if a request is not from IP
10.10.10.1/32. The other policy says allow all requests between 5 PM to 7 PM. What will happen
when a user is requesting access from IP 55.109.10.12/32 at 6 PM?

A.
It will deny access

B.
It is not possible to set a policy based on the time or IP

C.
IAM will throw an error for policy conflict

D.
It will allow access

Explanation:
When a request is made, the AWS IAM policy decides whether a given request should be allowed
or denied. The evaluation logic follows these rules:
By default, all requests are denied. (In general, requests made using the account credentials for
resources in the account are always allowed.)
An explicit allow policy overrides this default.
An explicit deny policy overrides any allows.
In this case since there are explicit deny and explicit allow statements. Thus, the request will be
denied since deny overrides allow.

http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html



Leave a Reply 0

Your email address will not be published. Required fields are marked *