AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

Which mechanism helps ensure that only authorized IAM roles or users can invoke Amazon Bedrock models?

Real Exam

Community

RRitesh

Last updated: December 3, 2025 at 18:27

IAM Access Policies

Multi-region replication

Trusted Advisor

AWS Backup

Explanation:

IAM (Identity and Access Management) Access Policies are the primary mechanism for controlling access to AWS resources, including Amazon Bedrock models. These policies define permissions that specify which IAM roles or users can perform specific actions on AWS resources.

Explanation:

IAM Access Policies (Option A): These are JSON documents that define permissions for IAM identities (users, groups, roles) to access AWS resources. They are essential for security and compliance.
Multi-region replication (Option B): This is a data replication feature for disaster recovery, not an access control mechanism.
Trusted Advisor (Option C): This is an AWS tool that provides best practice recommendations, not an access control mechanism.
AWS Backup (Option D): This is a centralized backup service, not related to access control.

IAM Access Policies work by:

Attaching policies to IAM users, groups, or roles
Defining specific actions (like bedrock:InvokeModel) that are allowed or denied
Specifying the resources (specific Bedrock models) the policy applies to
Optionally adding conditions for additional security controls

This ensures that only authorized entities can invoke Amazon Bedrock models, maintaining the principle of least privilege.

Powered ByGemini-3 Flash

Comments

Loading comments...