What entitlements do the IAM users avail with this policy?

An organization has created one IAM user and applied the below mentioned policy to the user. What
entitlements do the IAM users avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:Describe*”,
“Resource”: “*”
},
{
“Effect”: “Allow”
“Action”: [
“cloudwatch:ListMetrics”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:Describe*”
],
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: “autoscaling:Describe*”,
“Resource”: “*”
}]}

An organization has created one IAM user and applied the below mentioned policy to the user. What
entitlements do the IAM users avail with this policy?
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:Describe*”,
“Resource”: “*”
},
{
“Effect”: “Allow”
“Action”: [
“cloudwatch:ListMetrics”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:Describe*”
],
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: “autoscaling:Describe*”,
“Resource”: “*”
}]}

A.
The policy will allow the user to perform all read only activities on the EC2 services

B.
The policy will allow the user to list all the EC2 resources except EBS

C.
The policy will allow the user to perform all read and write activities on the EC2 services

D.
The policy will allow the user to perform all read only activities on the EC2 services except load
Balancing

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. If an organization wants to setup read only access to EC2 for a particular
user, they should mention the action in the IAM policy which entitles the user for Describe rights for EC2,
CloudWatch, Auto Scaling and ELB. In the policy shown below, the user will have read only access for EC2 and

EBS, CloudWatch and Auto Scaling. Since ELB is not mentioned as a part of the list, the user will not have
access to ELB.
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: “ec2:Describe*”,
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: [
“cloudwatch:ListMetrics”,
“cloudwatch:GetMetricStatistics”,
“cloudwatch:Describe*”
],
“Resource”: “*”
},
{
“Effect”: “Allow”,
“Action”: “autoscaling:Describe*”,
“Resource”: “*”
}]}



Leave a Reply 0

Your email address will not be published. Required fields are marked *