Is there a method in the IAM system to allow or deny access to a specific instance?
A. Only for VPC based instances
B. Yes
C. No
Hm…
What about info in this link: https://aws.amazon.com/blogs/aws/resource-permissions-for-ec2-and-rds-resources/
In IAM everything is denied by default, you can only add “allow” rules, you can not add “deny” rules.
Answer is B.
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html#policy-eval-denyallow
– By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)
– An explicit allow overrides this default.
– An explicit deny overrides any allows.
Answer C
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
C
Note
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
Why can't we give access to a particular EC2 instance to allow or deny access by giving the resource ARN and allow/deny permissions?
This question has a missing part.
The actual question should be:
Is there a method in the IAM system to allow or deny access to the OPERATING SYSTEM of a specific instance?
Answer is NO.
Answer B
You can restrict IAM user access to a specific EC2 instance (for management operations of an instance)
https://blogs.aws.amazon.com/security/post/Tx2KPWZJJ4S26H6/Demystifying-EC2-Resource-Level-Permissions
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
There is no method in the IAM system to allow or deny access to the operating system of a specific instance.
C is the right answer.
B is wrong because IAM doesn’t control access to login to instances.
See https://aws.amazon.com/blogs/security/demystifying-ec2-resource-level-permissions/
With resource-level permissions, you can set permissions to reboot, start, stop, and terminate specific EC2 instances as well as set permissions to attach, delete, and detach EBS (Elastic Block Store) volumes.
C
Note
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
I agree with the answer. C
Can anybody advise if these questions will appear in the real exam?
@Jones
No, these are just well-crafted practice questions. You should take 6-8 months of free tier to hone your skills. Take a course in tandem too.
C is correct
IAM – Service level permissions
Security groups – Host level permissions
Answer is B.
Yes, IAM can control specific instances via IAM policies.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-policy-structure.html#UsingWithEC2_Actions
I too agree with C
Answer= C
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
C
Answer is B: the question here is whether AWS has a facility to restrict the user to a specific instance, and the answer is “YES”; the question is not talking about the OS of the instance.
Note
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
Note
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
Choose C, http://docs.aws.amazon.com/IAM/latest/UserGuide/IAM_UseCases.html
“C” is the right answer
Amazon EC2 uses SSH keys, Windows passwords, and security groups to control who has access to the operating system of specific Amazon EC2 instances. There’s no method in the IAM system to allow or deny access to the operating system of a specific instance.
C is the right answer.
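The thread turns on what IAM actually evaluates: management API calls against an instance ARN, using the three rules quoted from the evaluation-logic page (default deny, explicit allow, explicit deny wins). The following is an added example, not code from any commenter or from AWS: a simplified evaluator run over a constructed policy. The account ID, instance IDs and function names are assumptions, and conditions, SCPs and permission boundaries are ignored.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample values: placeholder account ID and instance IDs.
TARGET = "arn:aws:ec2:us-east-1:123456789012:instance/i-0123456789abcdef0"
OTHER = "arn:aws:ec2:us-east-1:123456789012:instance/i-0fedcba9876543210"

# Constructed identity policy using EC2 resource-level permissions.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["ec2:StartInstances", "ec2:StopInstances", "ec2:RebootInstances"],
     "Resource": "%s"},
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Deny", "Action": "ec2:TerminateInstances", "Resource": "*"}
  ]
}
""" % TARGET)


def as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def statement_matches(stmt, action, resource):
    # Action names are matched case-insensitively, ARNs case-sensitively.
    # fnmatchcase stands in for IAM's * and ? wildcards (simplification).
    action_ok = any(fnmatchcase(action.lower(), p.lower())
                    for p in as_list(stmt["Action"]))
    resource_ok = any(fnmatchcase(resource, p)
                      for p in as_list(stmt["Resource"]))
    return action_ok and resource_ok


def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one API request."""
    effects = [s["Effect"] for s in policy["Statement"]
               if statement_matches(s, action, resource)]
    if "Deny" in effects:       # an explicit deny overrides any allows
        return "ExplicitDeny"
    if "Allow" in effects:      # an explicit allow overrides the default
        return "Allow"
    return "ImplicitDeny"       # by default, all requests are denied
```

Every decision here concerns an EC2 API action; nothing in the policy describes a login to the instance's operating system, which the quoted note assigns to SSH keys, Windows passwords and security groups.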