An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What
does this policy statement entitle the user to perform?
"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their
users to manage keys (access and secret access keys) of all IAM users, the organization should set the below
mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.
"Statement": [
  {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*AccessKey*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }
]
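A simplified evaluation of the statement above, added here as an example (it is not AWS's policy engine and not part of the original page): it shows which IAM actions the iam:*AccessKey* wildcard covers and how the ${aws:username} policy variable resolves the resource for a given caller. The user names alice and bob, the sample requests and the helper names are assumptions made for the illustration.

```python
import re

# Statement from the question, with the stray space in the ARN removed.
STATEMENT = {
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": ["iam:*AccessKey*"],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"],
}

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def allows(statement, caller, action, resource):
    """Check one Allow statement only (no conditions, explicit denies or boundaries)."""
    if statement["Effect"] != "Allow":
        return False
    if not any(_glob(a, action, ignore_case=True) for a in statement["Action"]):
        return False
    # ${aws:username} is replaced with the friendly name of the requesting user.
    resolved = [r.replace("${aws:username}", caller) for r in statement["Resource"]]
    return any(_glob(r, resource) for r in resolved)

# Constructed sample requests; alice and bob are hypothetical IAM users.
OWN = "arn:aws:iam::123412341234:user/alice"
OTHER = "arn:aws:iam::123412341234:user/bob"
SAMPLE = [
    ("iam:CreateAccessKey", OWN),
    ("iam:ListAccessKeys", OWN),
    ("iam:GetAccessKeyLastUsed", OWN),
    ("iam:DeleteAccessKey", OTHER),
    ("iam:CreateLoginProfile", OWN),
    ("iam:UploadSigningCertificate", OWN),
]

def report(caller, requests):
    """Return (action, resource, allowed) for each request made by caller."""
    return [(a, r, allows(STATEMENT, caller, a, r)) for a, r in requests]

if __name__ == "__main__":
    for action, resource, ok in report("alice", SAMPLE):
        print(f"{'ALLOW' if ok else 'no match':8}  {action:30} {resource}")
```

Policy variables such as ${aws:username} are only substituted when the policy document declares "Version": "2012-10-17"; the fragment in the question omits the Version element.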
Please update the question, there is no answer list
A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs
B. The policy will give an invalid resource error
C. The policy allows the IAM user to modify all credentials using only the console
D. using only CLI, SDK or APIs
I think that the correct answer is A.
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html#creds-policies-users
The correct statement should be:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowUsersAllActionsForCredentials",
    "Effect": "Allow",
    "Action": [
      "iam:*LoginProfile",
      "iam:*AccessKey*",
      "iam:*SigningCertificate*"
    ],
    "Resource": ["arn:aws:iam::123412341234:user/${aws:username}"]
  }]
}
D. The policy allows the IAM user to modify all IAM user’s credentials using only CLI, SDK or APIs
“The following policy is like the previous one but excludes the permissions that are needed only for console access. This policy lets users manage their credentials with the AWS CLI, Tools for Windows PowerShell, the AWS SDKs, or the IAM HTTP query API.”
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_delegate-permissions_examples.html
D
A.
AWS Identity and Access Management is a web service which allows organizations to
manage users and user permissions for various AWS services. If the organization (Account
ID 123412341234) wants some of their users to manage keys (access and secret access
keys) of all IAM users, the organization should set the below mentioned policy which
entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.
D.
Access keys cannot be used via the console, only via CLI, SDK or API
An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowUsersAllActionsForCredentials",
      "Effect": "Allow",
      "Action": [
        "iam:*LoginProfile",
        "iam:*AccessKey*",
        "iam:*SigningCertificate*"
      ],
      "Resource": [
        "arn:aws:iam::123412341234:user/${aws:username}"
      ]
    }
  ]
}
a) The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs
b) The policy will give an invalid resource error
c) The policy allows the IAM user to modify all credentials using only the console
d) The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs
Correct is D.
D