Bird
0
0

You created an IAM policy to allow only starting EC2 instances but users report they can also stop instances. What is the likely mistake?

medium📝 Debug Q14 of 15
AWS - Identity and Access Management
You created an IAM policy to allow only starting EC2 instances but users report they can also stop instances. What is the likely mistake?
AThe users have an additional policy granting stop permissions
BThe policy includes both <code>ec2:StartInstances</code> and <code>ec2:StopInstances</code> actions
CThe policy is attached to the wrong user
DThe policy uses wildcard * for all EC2 actions
Step-by-Step Solution
Solution:

  1. Step 1: Understand the reported behavior

    Users can stop instances, which is not intended by the new policy.

  2. Step 2: Identify possible causes

    If the policy only allows starting, but users can stop, they likely have another policy granting stop permissions.

  3. Final Answer:

    Users have an additional policy granting stop permissions -> Option A

  4. Quick Check:

    Multiple policies combine permissions [OK]
Quick Trick: Check all policies attached to users [OK]
Common Mistakes:
  • Assuming one policy overrides others
  • Not checking group or role policies
  • Ignoring policy wildcards

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Root user vs IAM user - Quiz 7medium AWS Account and Billing - Setting up billing alerts - Quiz 7medium Cloud Computing Fundamentals - Edge locations and CloudFront overview - Quiz 9hard EC2 Fundamentals - Instance states (running, stopped, terminated) - Quiz 15hard EC2 Fundamentals - Launching an EC2 instance - Quiz 6medium S3 Fundamentals - Creating S3 buckets - Quiz 4medium S3 Fundamentals - Why S3 matters for object storage - Quiz 9hard VPC Fundamentals - Creating a custom VPC - Quiz 10hard VPC Fundamentals - Why VPC provides network isolation - Quiz 8hard VPC Fundamentals - Creating a custom VPC - Quiz 11easy