Which of the below statements is true in regards to resource-level permissions?

You are setting up some IAM user policies and have also become aware that some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups.

Which of the below statements is true in regards to resource-level permissions?
A .  All services support resource-level permissions for all actions.
B .  Resource-level permissions are supported by Amazon CloudFront
C .  All services support resource-level permissions only for some actions.
D .  Some services support resource-level permissions only for some actions.

Answer: D

Explanation:

AWS Identity and Access Management is a web service that enables Amazon Web Services (AWS) customers to manage users and user permissions in AWS. The service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon RDS, and the AWS Management Console. With IAM, you can centrally manage users, security credentials such as access keys, and permissions that control which AWS resources users can access.

In addition to supporting IAM user policies, some services support resource-based permissions, which let you attach policies to the service’s resources instead of to IAM users or groups. Resource-based permissions are supported by Amazon S3, Amazon SNS, and Amazon SQS.

The resource-level permissions service supports IAM policies in which you can specify individual resources using Amazon Resource Names (ARNs) in the policy’s Resource element.

Some services support resource-level permissions only for some actions.

Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.html

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments