Complete the code to create an IAM user with programmatic access.
aws iam create-user --user-name [1]The command creates an IAM user named 'MyUser'. Avoid using 'RootUser' as a user name because root access should be limited.
Complete the code to attach a policy that grants read-only access to S3.
aws iam attach-user-policy --user-name MyUser --policy-arn [1]The policy ARN 'AmazonS3ReadOnlyAccess' grants read-only permissions to S3 resources, following the principle of least privilege.
Fix the error in the policy JSON to allow only listing S3 buckets.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "[1]",
"Resource": "*"
}
]
}The action 's3:ListAllMyBuckets' allows listing all buckets in the account, which is the correct permission for this task.
Fill both blanks to create a policy statement that grants read-only access to objects in a specific bucket.
{
"Effect": "[1]",
"Action": "[2]",
"Resource": [
"arn:aws:s3:::example-bucket",
"arn:aws:s3:::example-bucket/*"
]
}The 'Allow' effect with 's3:GetObject' action on the specified bucket and its objects grants read-only access, enforcing the principle of least privilege.
Fill all three blanks to create an IAM role trust policy allowing EC2 to assume the role.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "[1]",
"Principal": {"Service": "[2]"},
"Action": "[3]"
}
]
}The trust policy must allow EC2 service to assume the role using 'sts:AssumeRole' action with effect 'Allow'.