[Solved] Find the mistake in this IAM policy snippet:{"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*", "Condition": {"StringEquals": {"ec2:Region": "us-west-2"}}} | AWS

AWS - Identity and Access Management

Find the mistake in this IAM policy snippet:

{"Effect": "Allow", "Action": "ec2:DescribeInstances", "Resource": "*", "Condition": {"StringEquals": {"ec2:Region": "us-west-2"}}}

AThe "Condition" key is not valid for this action

B"Resource" cannot be "*" for EC2 actions

CThe policy is valid and has no mistakes

DThe condition key "ec2:Region" is invalid

Step-by-Step Solution

Solution:

Step 1: Check if "Condition" is allowed with this action
Conditions can be applied to EC2 actions, including region restrictions.
Step 2: Verify the resource and condition keys
"Resource": "*" is valid for DescribeInstances, and "ec2:Region" is a valid condition key.
Final Answer:
The policy is valid and has no mistakes -> Option C
Quick Check:
Valid condition + resource = The policy is valid and has no mistakes [OK]

Quick Trick: Conditions can restrict actions even with resource "*" [OK]

Common Mistakes:

MISTAKES

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

More AWS Quizzes

Find the mistake in this IAM policy snippet: