Medium · Predict Output · Q4 of 15
AWS - Identity and Access Management
Given an IAM role with a policy allowing 'ec2:StartInstances' and 'ec2:StopInstances', what happens if a user assumes this role and tries to terminate an EC2 instance?
A. The termination fails because 'ec2:TerminateInstances' is not allowed
B. The termination succeeds because the role has EC2 permissions
C. The termination succeeds only if the instance is stopped
D. The termination fails due to lack of network permissions
Step-by-Step Solution:
  1. Step 1: Analyze allowed actions in the policy

    The policy allows starting and stopping instances but does not include termination permission.
  2. Step 2: Understand effect of missing permissions

    IAM denies any action that is not explicitly allowed (implicit deny), so without 'ec2:TerminateInstances' in the policy, termination attempts are denied.
  3. Final Answer:

    Termination fails due to missing permission -> Option A
  4. Quick Check:

    Missing permission = action denied [OK]
Quick Trick: Only allowed actions can be performed by a role [OK]
Common Mistakes:
  • Assuming all EC2 actions are allowed if some are
  • Ignoring the need for explicit termination permission
