An organization has created one IAM user and applied the policy shown below to the user.
What entitlements does the IAM user get with this policy?
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}
A. The policy will allow the user to perform all read only activities on the EC2 services
B. The policy will allow the user to list all the EC2 resources except EBS
C. The policy will allow the user to perform all read and write activities on the EC2 services
D. The policy will allow the user to perform all read only activities on the EC2 services except load balancing
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage
users and user permissions for various AWS services. If an organization wants to set up read-only
access to EC2 for a particular user, the IAM policy should list the actions that give the user
Describe rights for EC2, CloudWatch, Auto Scaling and ELB. In the policy shown
below, the user has read-only access to EC2 and EBS, CloudWatch and Auto Scaling. Since
ELB is not mentioned in the list, the user will not have access to ELB.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "cloudwatch:ListMetrics",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:Describe*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "autoscaling:Describe*",
      "Resource": "*"
    }
  ]
}
D
D
D ec2:Describe allows the user to read EC2 and EBS activities. ELB must be called out specifically.
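
The reasoning in the explanation can be checked by matching individual API actions against the policy's Allow statements. This is an added example, not part of the original question and not AWS's own evaluation code: a simplified evaluator that ignores Resource and Condition, run over a constructed list of sample actions.

```python
import json
import re

# The policy from the question, as valid JSON.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudwatch:ListMetrics", "cloudwatch:GetMetricStatistics",
                "cloudwatch:Describe*"]},
    {"Effect": "Allow", "Action": "autoscaling:Describe*", "Resource": "*"}
  ]
}""")

def action_matches(pattern, action):
    # IAM action wildcards: '*' is any run of characters, '?' is one character;
    # action names are compared case-insensitively.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def is_allowed(policy, action):
    # Simplified evaluation of one identity policy: explicit Deny wins, else an
    # Allow must match, else implicit deny. Resource and Condition are ignored
    # (every statement in this policy uses Resource "*").
    allowed = False
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        if any(action_matches(p, action) for p in actions):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

# Constructed sample requests (the action names are real AWS API actions).
SAMPLE_ACTIONS = [
    "ec2:DescribeInstances",
    "ec2:DescribeVolumes",        # EBS volumes are read through the ec2: prefix
    "ec2:RunInstances",           # write action, not covered by Describe*
    "cloudwatch:GetMetricStatistics",
    "autoscaling:DescribeAutoScalingGroups",
    "elasticloadbalancing:DescribeLoadBalancers",  # ELB has its own prefix
]

if __name__ == "__main__":
    for a in SAMPLE_ACTIONS:
        print(f"{a:45} {'allow' if is_allowed(POLICY, a) else 'implicit deny'}")
```

The ELB action falls through to an implicit deny because no statement names the `elasticloadbalancing:` prefix, which is why option D holds.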