Which AWS IAM feature should the administrator use to configure these permissions?

An IT administrator is setting up access for a new team member who needs to manage EC2 instances but should not have access to manage RDS databases.

Which AWS IAM feature should the administrator use to configure these permissions?
A . Group memberships
B . Multi-factor authentication
C . Custom IAM policies
D . IAM roles for EC2

View Answer

Answer: C

Explanation:

Correct Answer. C. Custom IAM policies Custom IAM policies allow administrators to precisely define and control access to AWS services. By creating a policy that explicitly grants permissions to manage EC2 instances and denies access to RDS databases, the administrator can ensure the new team member has the correct access rights.

Option A is incorrect because group memberships would manage permissions at a broader level and would not necessarily restrict access to specific AWS services unless tied to specific policies.

Option B is incorrect because multi-factor authentication enhances security for account access but does not control specific permissions.

Option D is incorrect because IAM roles for EC2 are used to grant permissions to EC2 instances themselves, not to users managing those instances.