[Solved] Identify the error in this IAM policy statement:{ "Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*", "Condition": { "StringEquals": { "ec2:Region":... | AWS

AWS - Identity and Access Management

Identify the error in this IAM policy statement:

{
  "Effect": "Allow",
  "Action": ["ec2:StartInstances", "ec2:StopInstances"],
  "Resource": "*",
  "Condition": {
    "StringEquals": {
      "ec2:Region": "us-west-2"
    }
  }
}

AThe Condition key is not valid for EC2 actions

BThe Condition key should be inside the Action key

CThe policy is valid and has no errors

DThe Resource value "*" is not allowed for these actions

Step-by-Step Solution

Solution:

Step 1: Check Condition usage with EC2 actions
EC2 supports conditions like StringEquals on ec2:Region to restrict actions by region.
Step 2: Verify Resource and structure
Resource "*" is valid for EC2 start/stop actions because they apply to instances across resources.
Final Answer:
The policy is valid and has no errors -> Option C
Quick Check:
Condition on ec2:Region with Resource "*" is valid [OK]

Quick Trick: Conditions can restrict actions by region or other keys [OK]

Common Mistakes:

Thinking Condition is invalid for EC2
Assuming Resource "*" is always wrong
Misplacing Condition inside Action

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

Identify the error in this IAM policy statement:

Step 1: Check Condition usage with EC2 actions

Step 2: Verify Resource and structure

Final Answer:

Quick Check:

Want More Practice?