
Answer-first summary for fast verification
Answer: Use the AWS CLI --dry-run option
Use the AWS CLI --dry-run option: The --dry-run option checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation; otherwise, it is UnauthorizedOperation.

Incorrect options:

Use the AWS CLI --test option - This is a made-up option and has been added as a distractor.

Retrieve the policy using the EC2 metadata service and use the IAM policy simulator - The EC2 metadata service is used to retrieve dynamic information such as instance-id, local-hostname, and public-hostname. It cannot be used to check whether you have the required permissions for the action.

Using the CLI, create a dummy EC2 and delete it using another CLI call - That would not work, as the current EC2 may have permissions that the dummy instance does not have. If the permissions were the same it could work, but it is not as elegant as using the dry-run option.
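The dry-run check described above, as an added example that is not part of the original page: a POSIX shell wrapper that runs the termination dry-run under a given profile and reads the error code. The profile name and instance ID in the usage line are placeholder assumptions, and the two sample messages are constructed in the AWS CLI's error format.

```shell
#!/bin/sh
# Added example: confirm a profile is denied ec2:TerminateInstances via --dry-run.
# Usage (placeholder values): ./check_terminate.sh developer i-0123456789abcdef0

# Constructed sample messages in the AWS CLI's error format.
SAMPLE_ALLOWED='An error occurred (DryRunOperation) when calling the TerminateInstances operation: Request would have succeeded, but DryRun flag is set.'
SAMPLE_DENIED='An error occurred (UnauthorizedOperation) when calling the TerminateInstances operation: You are not authorized to perform this operation.'

# Map the dry-run error text to a verdict.
classify_dry_run() {
  case "$1" in
    *"(DryRunOperation)"*)       echo "ALLOWED" ;;
    *"(UnauthorizedOperation)"*) echo "DENIED" ;;
    *)                           echo "UNKNOWN" ;;
  esac
}

# Exit status: 0 = denied (the expected result here), 1 = allowed, 2 = inconclusive.
check_terminate_denied() {
  profile="$1"; instance_id="$2"
  # Both dry-run outcomes are reported as errors, so capture stderr and ignore the status.
  output="$(aws ec2 terminate-instances --dry-run \
    --instance-ids "$instance_id" --profile "$profile" 2>&1)" || true
  verdict="$(classify_dry_run "$output")"
  echo "$verdict: profile=$profile action=ec2:TerminateInstances"
  case "$verdict" in
    DENIED)  return 0 ;;
    ALLOWED) return 1 ;;
    *)       echo "$output" >&2; return 2 ;;  # e.g. missing credentials or a bad profile
  esac
}

# Run only when a profile and an instance ID are given on the command line.
if [ "$#" -eq 2 ]; then
  check_terminate_denied "$1" "$2"
fi
```

Treating any other error as inconclusive keeps a credentials or configuration problem from being mistaken for a correctly applied deny.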
Author: LeetQuiz Editorial Team
As a development team lead, you are responsible for setting permissions for other IAM users within your organization to ensure they only have the necessary privileges. Using the AWS Management Console, you have created a development group (dev group) where new developers will be added. Additionally, you have configured a developer profile on your workstation. Now, you want to test and verify that a user in this group does not have the permission to terminate EC2 instances.
Which of the following options would you execute?
A. Using the CLI, create a dummy EC2 and delete it using another CLI call
B. Use the AWS CLI --test option
C. Retrieve the policy using the EC2 metadata service and use the IAM policy simulator
D. Use the AWS CLI --dry-run option