Which statement best describes the purpose of the trust policy in an AWS IAM role?
Think about who is allowed to use the role, not what the role can do.
The trust policy defines the entities (users, services, accounts) that are allowed to assume the IAM role. Permissions granted to the role are defined separately in permission policies.
What happens when an AWS Lambda function assumes an IAM role with limited permissions?
Consider how roles limit what a service can do.
When a Lambda function assumes an IAM role, it inherits only the permissions granted by that role. It cannot exceed those permissions.
You want an EC2 instance in Account A to access an S3 bucket in Account B securely. Which setup correctly enables this using IAM roles?
Think about how trust policies enable cross-account role assumption.
Cross-account access requires a role in the target account (Account B) with a trust policy that allows the source account (Account A) to assume it. Sharing access keys or roles without trust policies does not work securely.
You have an IAM role used by an application that only needs to read data from DynamoDB. Which policy best follows the least privilege principle?
Least privilege means giving only the exact permissions needed.
Granting only the necessary read actions on the specific table limits risk and follows best security practices.
You want to automate a process that runs on an on-premises server and needs temporary AWS credentials with limited permissions. Which approach follows AWS best practices?
Think about temporary credentials and automation without long-term keys.
Using STS to assume roles and get temporary credentials is secure and avoids long-term keys on servers.