Amazon EC2 has no Amazon Resource Names (ARNs) because you can’t specify a particular Amazon EC2 resource in an IAM policy.

A. TRUE
B. FALSE



Sivakumar Arulmani

My choice is A, because they are not talking about all resources, question is about “particular” EC2.

Chef

A. True

Examples:

arn:aws:ec2:us-east-1::image/ami-1a2b3c4d
arn:aws:ec2:us-east-1:123456789012:instance/*
arn:aws:ec2:us-east-1:123456789012:volume/*
arn:aws:ec2:us-east-1:123456789012:volume/vol-1a2b3c4d
arn:aws:ec2:region:account_id:dedicated-host/host_id

Manu

It's false, answer is B

resource name for a particular instance is “arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0”,

arn:aws:ec2:aws accountid:instance/

shaam

A is the answer because you can generally define EC2 in the policy but cannot specify a particular EC2 resource. There is no ARN to identify a specific EC2 instance / resource.

Rekha

B. False.
Here is the syntax from http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

Amazon Elastic Compute Cloud (Amazon EC2)
Syntax:
arn:aws:ec2:region:account-id:customer-gateway/cgw-id
arn:aws:ec2:region:account_id:dedicated-host/host_id
arn:aws:ec2:region:account-id:dhcp-options/dhcp-options-id
arn:aws:ec2:region::image/image-id
arn:aws:ec2:region:account-id:instance/instance-id
arn:aws:iam::account:instance-profile/instance-profile-name
arn:aws:ec2:region:account-id:internet-gateway/igw-id
arn:aws:ec2:region:account-id:key-pair/key-pair-name
arn:aws:ec2:region:account-id:network-acl/nacl-id
arn:aws:ec2:region:account-id:network-interface/eni-id
arn:aws:ec2:region:account-id:placement-group/placement-group-name
arn:aws:ec2:region:account-id:route-table/route-table-id
arn:aws:ec2:region:account-id:security-group/security-group-id
arn:aws:ec2:region::snapshot/snapshot-id
arn:aws:ec2:region:account-id:subnet/subnet-id
arn:aws:ec2:region:account-id:volume/volume-id
arn:aws:ec2:region:account-id:vpc/vpc-id
arn:aws:ec2:region:account-id:vpc-peering-connection/vpc-peering-connection-id
arn:aws:ec2:region:account-id:vpn-connection/vpn-id
arn:aws:ec2:region:account-id:vpn-gateway/vgw-id

rajeshwari

Ans: B
Because EC2 is a base service, we don't need an ARN to refer to EC2.

Venkat

Answer is B
For example, you can indicate a specific instance (i-1234567890abcdef0) in your statement using its ARN as follows:

"Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"

Ganesh Ghube

B.
FALSE

Ashok

Ans: True
Amazon EC2 resources are:
Running Instances, Dedicated Hosts, Volumes, Key Pairs, Placement Groups, Elastic IPs, Snapshots, Load Balancers and Security Groups.

So in the question they asked particular EC2 resource means any one of the above, so True is the correct answer.

All Amazon EC2 resources: arn:aws:ec2:*
All Amazon EC2 resources owned by the specified account in the specified region: arn:aws:ec2:region:account:*

Ashok

My mistake, False is the correct answer.

Currently, not all API actions support individual ARNs. But it does support them for some resources (Volume, Security group, Key pair, Instance, Placement group and Snapshot have ARNs).
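
As an added example (not part of the original thread, and not AWS code), the EC2 ARN syntax quoted in the comments can be used to audit whether each `Resource` entry in an IAM policy names one particular EC2 resource or a wildcard. The sample policy, its `Sid` values and the function names are constructed for illustration.

```python
import json
import re

# arn:aws:ec2:region:account-id:resource-type/resource-id (syntax list in the thread)
EC2_ARN = re.compile(r"^arn:aws:ec2:[^:]*:[^:]*:(?P<rtype>[^/:*]+)/(?P<rid>.+)$")

# Constructed sample policy; account and resource IDs are the thread's examples.
SAMPLE_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Sid": "OneInstance", "Effect": "Allow",
   "Action": ["ec2:StartInstances", "ec2:StopInstances"],
   "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0"},
  {"Sid": "AnyVolume", "Effect": "Allow", "Action": "ec2:AttachVolume",
   "Resource": ["arn:aws:ec2:us-east-1:123456789012:volume/*",
                "arn:aws:ec2:us-east-1:123456789012:instance/*"]},
  {"Sid": "Everything", "Effect": "Allow", "Action": "ec2:*", "Resource": "*"}
]}"""


def classify_resource(resource):
    """Return (scope, resource_type) for one IAM Resource string."""
    if resource == "*":
        return ("all", None)
    match = EC2_ARN.match(resource)
    if match is None:
        # arn:aws:ec2:* and arn:aws:ec2:region:account:* land here, as do non-EC2 ARNs.
        scope = "all-ec2" if resource.startswith("arn:aws:ec2:") else "not-ec2"
        return (scope, None)
    wild = any(ch in match["rid"] for ch in "*?")
    return ("wildcard" if wild else "specific", match["rtype"])


def audit_policy(policy_text):
    """List (sid, resource, scope, type) for every resource in Allow statements."""
    findings = []
    for stmt in json.loads(policy_text)["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):  # Resource may be a string or a list
            resources = [resources]
        for res in resources:
            findings.append((stmt.get("Sid"), res) + classify_resource(res))
    return findings


if __name__ == "__main__":
    for row in audit_policy(SAMPLE_POLICY):
        print(row)
```

Entries reported as `wildcard`, `all-ec2` or `all` are the ones to review when a policy is meant to grant access to a single resource.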