Bird
0
0

If an IAM role's trust policy allows "arn:aws:iam::123456789012:user/Alice" as Principal, who can assume this role?

medium📝 Predict Output Q5 of 15
AWS - Identity and Access Management
If an IAM role's trust policy allows "arn:aws:iam::123456789012:user/Alice" as Principal, who can assume this role?
AAny IAM user named Alice in any account
BThe IAM user Alice in account 123456789012
CAny user in account 123456789012
DOnly the root user of account 123456789012
Step-by-Step Solution
Solution:

  1. Step 1: Understand ARN specificity

    The ARN specifies a single IAM user named Alice in account 123456789012.

  2. Step 2: Match Principal to allowed entity

    Only that specific user can assume the role, not all users or root.

  3. Final Answer:

    The IAM user Alice in account 123456789012 -> Option B

  4. Quick Check:

    Principal ARN specifies exact user allowed [OK]
Quick Trick: Principal ARN targets specific user or entity [OK]
Common Mistakes:
MISTAKES
  • Assuming all users in account can assume role
  • Confusing user name with account-wide permission
  • Thinking root user is included

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Root user vs IAM user - Quiz 2easy AWS CLI - Configuring credentials - Quiz 7medium AWS CLI - CLI scripting basics - Quiz 13medium Cloud Computing Fundamentals - What is cloud computing - Quiz 1easy Cloud Computing Fundamentals - AWS free tier overview - Quiz 6medium Cloud Computing Fundamentals - What is cloud computing - Quiz 5medium S3 Fundamentals - Creating S3 buckets - Quiz 7medium Security Groups and Network ACLs - Network ACLs overview - Quiz 10hard Security Groups and Network ACLs - Stateful behavior of security groups - Quiz 14medium VPC Fundamentals - VPC peering concept - Quiz 2easy