A company is reviewing its 1AM policies. One policy written by the DevOps engineer has been (lagged as too permissive. The policy is used by an AWS Lambda function that issues a stop command to Amazon EC2 instances tagged with Environment: NonProduccion over the weekend. The current policy is:
What changes should the engineer make to achieve a policy ot least permission? (Select THREE.)
A.
B.
C.
D.
E.
F.
The engineer should make the following changes to achieve a policy of least permission:
A:Add a condition to ensure that the principal making the request is an AWS Lambda function. This ensures that only Lambda functions can execute this policy.
B:Narrow down the resources by specifying the ARN of EC2 instances instead of allowing all resources. This ensures that the policy only affects EC2 instances.
D:Add a condition to ensure that this policy only applies to EC2 instances tagged with ''Environment: NonProduction''. This ensures that production environments are not affected by this policy.
AWS Identity and Access Management (IAM) - AWS Documentation
Certified DevOps Engineer - Professional (DOP-C02) Study Guide(page 179)
Diane
6 months agoCatalina
5 months agoKarol
5 months agoJeannine
6 months agoRikki
6 months agoBrandon
5 months agoBambi
5 months agoRaina
5 months agoMicaela
6 months agoLeonard
5 months agoSilva
5 months agoGabriele
6 months agoShawn
6 months agoDaron
6 months agoMaddie
7 months ago