An AWS root account owner is trying to create a policy to access RDS. Which of the below mentioned
statements is true with respect to the above information?
A.
Create a policy which allows the users to access RDS and apply it to the RDS instances
B.
The user cannot access the RDS database if he is not assigned the correct IAM policy
C.
The root account owner should create a policy for the IAM user and give him access to the RDS services
D.
The policy should be created for the user and provide access for RDS
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. If the account owner wants to create a policy for RDS, the owner has to
create an IAM user and define the policy which entitles the IAM user with various RDS services such as Launch
Instance, Manage security group, Manage parameter group etc.
C
I feel correct Answer may be B.
A- not correct , IAM policies are associated with user/group/role level
C- not 100% correct , group or role policy can also provide RDS access
D- not 100% correct , group or role policy can also provide RDS access
As long as the user get the database access, he can access RDS database whatever he is assigned an correct or incorrect IAM role.
From my understand, C/D is same thing…
C! AWS Identity and Access Management is a web service which allows organizations to
manage users and user permissions for various AWS services. If the account owner wants
to create a policy for RDS, the owner has to create an IAM user and define the policy which
entitles the IAM user with various RDS services such as Launch Instance, Manage security
group, Manage parameter group etc.
C
c
C.
I think its a best practice thing. we are not supposed to use root account for access to RDS. So its best to create an IAM USER and provide him the role
C