What will the below mentioned statement allow the user to perform?

An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his
credentials. What will the below mentioned statement allow the user to perform?
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “Allow”,
“Action”: [
“iam:AddUserToGroup”,
“iam:RemoveUserFromGroup”,
“iam:GetGroup”
],
“Resource”: “arn:aws:iam:: 123412341234:group/TestingGroup”
}]

An organization (account ID 123412341234. has configured the IAM policy to allow the user to modify his
credentials. What will the below mentioned statement allow the user to perform?
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “Allow”,
“Action”: [
“iam:AddUserToGroup”,
“iam:RemoveUserFromGroup”,
“iam:GetGroup”
],
“Resource”: “arn:aws:iam:: 123412341234:group/TestingGroup”
}]

A.
The IAM policy will throw an error due to an invalid resource name

B.
The IAM policy will allow the user to subscribe to any IAM group

C.
Allow the IAM user to update the membership of the group called TestingGroup

D.
Allow the IAM user to delete the TestingGroup

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. If the organization (account ID 123412341234. wants their users to
manage their subscription to the groups, they should create a relevant policy for that. The below mentioned
policy allows the respective IAM user to update the membership of the group called MarketingGroup.
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “Allow”,
“Action”: [
“iam:AddUserToGroup”,
“iam:RemoveUserFromGroup”,
“iam:GetGroup”
],
“Resource”: “arn:aws:iam:: 123412341234:group/ TestingGroup “
}]



Leave a Reply 0

Your email address will not be published. Required fields are marked *


raysmithvic1978

raysmithvic1978

C

varun

varun

NOt sure about “allow the user to modify his
credentials”

if this is not in the question than C will be ANSWER

srat

srat

There is space between :: and the account number which will definitely throw an invalid policy error. If you doubt test it yourself!