Is there a method in the IAM system to allow or deny access to a specific instance?
A. Only for VPC based instances
B. Yes
C. No
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluationlogic.html#policy-eval-denyallow
– By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)
– An explicit allow overrides this default.
– An explicit deny overrides any allows.
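The evaluation order listed above, applied to EC2 API calls against individual instance ARNs, as an added example (not code from the original page or from the AWS documentation). It models identity-based policy statements only, without conditions, and covers API actions on an instance rather than logins to its operating system; the account ID, region and instance IDs are constructed placeholders.

```python
from fnmatch import fnmatchcase

# Constructed sample policy: account ID, region and instance IDs are placeholders.
ARN_PREFIX = "arn:aws:ec2:us-east-1:123456789012:instance/"
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["ec2:StartInstances", "ec2:StopInstances"],
         "Resource": ARN_PREFIX + "*"},
        {"Effect": "Deny",
         "Action": "ec2:*",
         "Resource": ARN_PREFIX + "i-0aaaaaaaaaaaaaaaa"},
    ],
}

def _as_list(value):
    # Policy elements may be a single string/dict or a list of them.
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, fold_case=False):
    # Simplified wildcard match ('*' and '?'); action names are
    # case-insensitive, resource ARNs are compared case-sensitively.
    for pattern in _as_list(patterns):
        if fold_case:
            pattern, value = pattern.lower(), value.lower()
        if fnmatchcase(value, pattern):
            return True
    return False

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        if not _matches(stmt["Action"], action, fold_case=True):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # an explicit deny overrides any allows
        allowed = True                 # an explicit allow overrides the default
    return "Allow" if allowed else "ImplicitDeny"  # default: denied

if __name__ == "__main__":
    for act, iid in [("ec2:StopInstances", "i-0bbbbbbbbbbbbbbbb"),
                     ("ec2:StopInstances", "i-0aaaaaaaaaaaaaaaa"),
                     ("ec2:TerminateInstances", "i-0bbbbbbbbbbbbbbbb")]:
        print(act, iid, "->", evaluate(POLICY, act, ARN_PREFIX + iid))
```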
C
Explanation: Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
I think B is correct. I can use IAM and delete / reset Access key pair, and if EC2 was running with that specific key, and not used by any other EC2, that means I used IAM to stop access to specific EC2.
It’s not clear what “allow or deny access to a specific instance” means in this question.
There is nothing about OS level access, so it can be API or Console access to perform action on specified instance. This you can limit using IAM Policy.
C is correct:
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
C
Note
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
This is fucking stupid. You cannot control access to an EC2 via IAM system.