Complete the code to create a security group that allows SSH access.
resource "aws_security_group" "example" {
  name        = "example"
  description = "Allow SSH access"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [[1]]
  }
}
Using "0.0.0.0/0" allows SSH access from any IP address, which is common in examples but not recommended for production.
Complete the code to enable encryption on an S3 bucket.
resource "aws_s3_bucket" "example" {
  bucket = "my-bucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = [1]
      }
    }
  }
}
"AES256" enables Amazon S3-managed encryption, a common choice for server-side encryption.
Fix the error in the IAM policy statement to allow only read access to S3 buckets.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [1],
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}
Read access requires the "s3:GetObject" action in a list format.
Fill both blanks to create a VPC with a public subnet and enable internet access.
resource "aws_vpc" "main" {
  cidr_block = [1]
}

resource "aws_subnet" "public" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = [2]
  map_public_ip_on_launch = true
}
The VPC uses a large CIDR block, and the subnet uses a smaller block within it; map_public_ip_on_launch = true enables public IP mapping for the subnet.
Fill all three blanks to define an IAM role with a trust policy for EC2 and attach a policy.
resource "aws_iam_role" "example" {
  name = "example-role"

  assume_role_policy = jsonencode({
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Principal": {"Service": [1]},
        "Action": [2]
      }
    ]
  })
}

resource "aws_iam_role_policy_attachment" "example_attach" {
  role       = aws_iam_role.example.name
  policy_arn = [3]
}
The trust policy allows EC2 to assume the role, and the role is attached to the Amazon S3 read-only policy.