
Answer-first summary for fast verification
Answer: Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
The correct answer is A. Creating an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user ensures that the contractor can access only the Amazon EC2 console and no other AWS services. This inline policy directly attached to the user takes precedence over permissions granted via IAM groups and ensures that no additional access can be obtained through group memberships.
Author: LeetQuiz Editorial Team
A security engineer at a company is required to limit a contractor's IAM account to access only the Amazon EC2 console within AWS, without providing any access to other AWS services. This restriction must be enforced such that even if the contractor's IAM account is later added to an IAM group with broader permissions, it should still be unable to access any other AWS services. What specific action should the security engineer implement to achieve this restricted access?
A. Create an inline IAM user policy that allows for Amazon EC2 access for the contractor's IAM user.
B. Create an IAM permissions boundary policy that allows Amazon EC2 access. Associate the contractor's IAM account with the IAM permissions boundary policy.
C. Create an IAM group with an attached policy that allows for Amazon EC2 access. Associate the contractor's IAM account with the IAM group.
D. Create an IAM role that allows for EC2 and explicitly denies all other services. Instruct the contractor to always assume this role.