Topic 1 Question 385
An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions. The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.
Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?
The EC2 instance will only be able to list the S3 buckets.
The EC2 instance will only be able to list the contents of one S3 bucket at a time.
The EC2 instance will be able to perform all actions on any S3 bucket.
The EC2 instance will not be able to perform any S3 action on any S3 bucket.
ユーザの投票
コメント(5)
D Explicit deny policies in IAM take precedence over any allow policies. If the IAM role attached to the EC2 instance explicitly denies access to S3, this deny will apply regardless of any other credentials or policies that might grant access.
Even though the EC2 instance's credentials file specifies keys with full administrative access, the explicit deny in the IAM role will override these permissions for S3 actions.
👍 10tomchandler0772024/07/07- 正解だと思う選択肢: D👍 4Anandesh2024/07/05
- 正解だと思う選択肢: C
The credentials file containing IAM user credentials with full administrative permissions overrides the IAM role's permissions for S3 actions, allowing full access to S3.
👍 2CloudChingon2024/11/14
シャッフルモード