A user has set an IAM policy where it allows all requests if a request from IP 10.10.10.1/32. Another policy allows all the
requests between 5 PM to 7 PM. What will happen when a user is requesting access from IP 10.10.10.1/32 at 6 PM?
A.
IAM will throw an error for policy conflict
B.
It is not possible to set a policy based on the time or IP
C.
It will deny access
D.
It will allow access
Explanation:
With regard to IAM, when a request is made, the AWS service decides whether a given request should be allowed or
denied. The evaluation logic follows these rules:
– By default, all requests are denied. (In general, requests made using the account credentials for resources in the account
are always allowed.)
– An explicit allow policy overrides this default.
– An explicit deny policy overrides any allows.
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html
D
D