What does this policy statement entitle the user to perform?

An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a
user. What does this policy statement entitle the user to perform?
“Statement”: [
{
“Sid”: “AllowUsersAllActionsForCredentials”,
“Effect”: “Allow”,
“Action”: [
“iam:*AccessKey*”,
],
“Resource”: [“arn:aws:iam:: 123412341234:user/${aws:username}”]
} ]

An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a
user. What does this policy statement entitle the user to perform?
“Statement”: [
{
“Sid”: “AllowUsersAllActionsForCredentials”,
“Effect”: “Allow”,
“Action”: [
“iam:*AccessKey*”,
],
“Resource”: [“arn:aws:iam:: 123412341234:user/${aws:username}”]
} ]

A.
0

B.
0

C.
0

D.
0

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage
users and user permissions for various AWS services. If the organization (Account ID
123412341234. wants some of their users to manage keys (access and secret access keys. of all
IAM users, the organization should set the below mentioned policy which entitles the IAM user to
modify keys of all IAM users with CLI, SDK or API.
“Statement”: [
{
“Sid”: “AllowUsersAllActionsForCredentials”,
“Effect”: “Allow”,
“Action”: [
“iam:*AccessKey*”,
],
“Resource”: [“arn:aws:iam:: 123412341234:user/${aws:username}”]
}]

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

Anuj

Anuj

Please write answer properly.

Reply

Stan

Stan

A. The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs
B. The policy will give an invalid resource error
C. The policy allows the IAM user to modify all credentials using only the console
D. The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs

Answer is D

Reply