
A security engineer at a company is required to limit a contractor's IAM account to access only the Amazon EC2 console within AWS, without providing any access to other AWS services. This restriction must be enforced such that even if the contractor's IAM account is later added to an IAM group with broader permissions, it should still be unable to access any other AWS services. What specific action should the security engineer implement to achieve this restricted access?
A
Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
B
Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
C
Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
D
Create an IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.