AWS - Identity and Access Management
You created an IAM role with this trust policy:
{ "Statement": [{ "Effect": "Allow", "Principal": { "Service": "ec2.amazonaws.com" }, "Action": "iam:PassRole" }] }

Why can't EC2 instances assume this role?
A. Because the Effect should be Deny
B. Because the Principal service is incorrect
C. Because the action should be sts:AssumeRole, not iam:PassRole
D. Because EC2 instances cannot assume roles
Step-by-Step Solution
Solution:
  1. Step 1: Identify the required action in trust policy

    The trust policy must allow the action sts:AssumeRole for the trusted entity to assume the role.
  2. Step 2: Analyze the given policy

    The policy uses iam:PassRole, which is the wrong action for a trust policy. Because sts:AssumeRole is never allowed, EC2 cannot assume the role.
  3. Final Answer:

    Because the action should be sts:AssumeRole, not iam:PassRole -> Option C
  4. Quick Check:

    Trust policy action must be sts:AssumeRole [OK]
Quick Trick: Trust policy action must be sts:AssumeRole [OK]
Common Mistakes:
  • Using iam:PassRole instead of sts:AssumeRole
  • Changing Effect to Deny by mistake
  • Believing EC2 cannot assume roles
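
The check from the solution, written as an added Python example (not part of the original quiz): it inspects a trust policy document and reports why a service principal cannot assume the role. The helper name check_trust_policy and the FIXED policy are assumptions made for illustration; the check is static and does not evaluate Condition blocks or wildcards.

```python
import json

# Trust policy from the question, and the same policy with the action corrected.
BROKEN = json.loads('{"Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "iam:PassRole"}]}')
FIXED = json.loads('{"Statement": [{"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"}, "Action": "sts:AssumeRole"}]}')


def _as_list(value):
    """Statement, Action and Service may each be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(policy, service="ec2.amazonaws.com"):
    """Return findings explaining why `service` cannot assume the role.

    An empty list means a statement allows sts:AssumeRole for the service.
    Hypothetical helper: Condition blocks and wildcards are not evaluated.
    """
    findings, allowed = [], False
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        principal = stmt.get("Principal")
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if service not in services:
            continue  # this statement does not name the service
        # IAM action names are case-insensitive.
        actions = [str(a).lower() for a in _as_list(stmt.get("Action"))]
        for action in actions:
            if not action.startswith("sts:"):
                findings.append(f"Statement {i}: {action} is not an STS action "
                                "and does not belong in a trust policy")
        if "sts:assumerole" in actions:
            if stmt.get("Effect") == "Allow":
                allowed = True
            else:
                findings.append(f"Statement {i}: Effect is not Allow for sts:AssumeRole")
    if not allowed:
        findings.append(f"No statement allows sts:AssumeRole for {service}")
    return findings


if __name__ == "__main__":
    for name, doc in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_trust_policy(doc) or "OK")
```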
