Bird
0
0

Given this IAM policy snippet, what permissions does the user effectively have?

medium📝 Predict Output Q4 of 15
AWS - Identity and Access Management
Given this IAM policy snippet, what permissions does the user effectively have?
{
  "Effect": "Allow",
  "Action": ["ec2:StopInstances"],
  "Resource": ["arn:aws:ec2:us-west-2:123456789012:instance/i-1234567890abcdef0"]
}
AUser can stop any EC2 instance in any region
BUser can start and stop all EC2 instances in the account
CUser can stop only the specified EC2 instance
DUser can start the specified EC2 instance
Step-by-Step Solution
Solution:

  1. Step 1: Analyze Effect and Action

    Effect is Allow for action ec2:StopInstances only.

  2. Step 2: Analyze Resource

    Resource is a specific EC2 instance ARN.

  3. Step 3: Determine effective permission

    User can stop only that specific instance, no other actions allowed.

  4. Final Answer:

    User can stop only the specified EC2 instance -> Option C

  5. Quick Check:

    Action and resource match specific stop permission [OK]
Quick Trick: Action and resource define exact allowed operation [OK]
Common Mistakes:
  • Assuming user can start instances without permission
  • Assuming permissions apply to all instances or regions

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Root user vs IAM user - Quiz 7medium AWS Account and Billing - Setting up billing alerts - Quiz 7medium Cloud Computing Fundamentals - Edge locations and CloudFront overview - Quiz 9hard EC2 Fundamentals - Instance states (running, stopped, terminated) - Quiz 15hard EC2 Fundamentals - Launching an EC2 instance - Quiz 6medium S3 Fundamentals - Creating S3 buckets - Quiz 4medium S3 Fundamentals - Why S3 matters for object storage - Quiz 9hard VPC Fundamentals - Creating a custom VPC - Quiz 10hard VPC Fundamentals - Why VPC provides network isolation - Quiz 8hard VPC Fundamentals - Creating a custom VPC - Quiz 11easy