If an IAM group named Admins has a policy allowing ec2:StopInstances, what will happen when a user in that group attempts to stop an EC2 instance?

medium📝 service behavior Q4 of 15

AWS - Identity and Access Management

If an IAM group named Admins has a policy allowing ec2:StopInstances, what will happen when a user in that group attempts to stop an EC2 instance?

AThe user must have an explicit deny in their user policy to stop the instance

BThe user will be denied because group policies do not apply to users

CThe user will be allowed to stop the EC2 instance

DThe user can only stop instances if they are the instance owner

Step-by-Step Solution

Solution:

Step 1: Understand group policy inheritance
Users inherit permissions from their groups.
Step 2: Effect of group policy
If the group policy allows ec2:StopInstances, the user can perform that action unless explicitly denied.
Final Answer:
The user will be allowed to stop the EC2 instance -> Option C
Quick Check:
Group permissions apply to users [OK]

Quick Trick: Group permissions apply to users unless denied [OK]

Common Mistakes:

MISTAKES

Believing group policies don't affect users
Assuming explicit deny is required to allow action
Thinking instance ownership affects IAM permissions

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions

More AWS Quizzes

If an IAM group named Admins has a policy allowing ec2:StopInstances, what will happen when a user in that group attempts to stop an EC2 instance?

Step 1: Understand group policy inheritance

Step 2: Effect of group policy

Final Answer:

Quick Check:

Want More Practice?