AWS - Identity and Access Management
Which of the following is the correct way to specify a trust policy for an IAM role?
Which of the following is the correct way to specify a trust policy for an IAM role?
easy📝 Configuration Q12 of 15
Step-by-Step Solution
Solution:
Step 1: Identify trust policy structure
A trust policy allows a trusted entity (like EC2) to assume the role using sts:AssumeRole action.Step 2: Check each option
{ "Statement": [{ "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }] } correctly allows EC2 service to assume the role. { "Statement": [{ "Effect": "Deny", "Principal": { "AWS": "*" }, "Action": "sts:AssumeRole" }] } denies all, which is invalid for trust. { "Statement": [{ "Effect": "Allow", "Principal": { "User": "admin" }, "Action": "iam:CreateUser" }] } uses wrong action and principal. { "Statement": [{ "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "iam:PassRole" }] } uses wrong action (iam:PassRole) for trust.Final Answer:
{ "Statement": [{ "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "sts:AssumeRole" }] } -> Option BQuick Check:
Trust policy must allow sts:AssumeRole to a service [OK]
Quick Trick: Trust policy uses sts:AssumeRole with service principal [OK]
Common Mistakes:
MISTAKES- Using iam:PassRole instead of sts:AssumeRole
- Denying all principals in trust policy
- Specifying user instead of service in Principal
Master "Identity and Access Management" in AWS
Want More Practice?
15+ quiz questions · All difficulty levels · Free
Free Signup - Practice All QuestionsMore AWS Quizzes