Complete the code to specify the AWS service that assumes the IAM role.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "[1]"},
      "Action": "sts:AssumeRole"
    }
  ]
}
The Principal specifies which AWS service can assume the role. For AWS Lambda functions, it is lambda.amazonaws.com.
Complete the code to allow the role to perform the action of reading objects from S3.
{
  "Effect": "Allow",
  "Action": "s3:[1]",
  "Resource": "arn:aws:s3:::example-bucket/*"
}
The GetObject action allows reading objects from an S3 bucket.
Fix the error in the trust policy by completing the missing action that allows role assumption.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {"Service": "ecs-tasks.amazonaws.com"},
      "Action": "sts:[1]"
    }
  ]
}
The action sts:AssumeRole is required in the trust policy to allow the specified service to assume the role.
Fill both blanks to create a policy statement that allows listing all S3 buckets and reading objects from a specific bucket.
{
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:[1]", "s3:[2]"],
      "Resource": ["arn:aws:s3:::*", "arn:aws:s3:::example-bucket/*"]
    }
  ]
}
ListBucket allows listing all buckets, and GetObject allows reading objects from the specified bucket.
Fill all three blanks to define a role trust policy that allows EC2 instances to assume the role with the correct action and service.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "[1]",
      "Principal": {"Service": "[2]"},
      "Action": "sts:[3]"
    }
  ]
}
The trust policy must Allow the ec2.amazonaws.com service to perform the sts:AssumeRole action to assume the role.