New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAA-C03 Exam - Topic 14 Question 25 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 25
Topic #: 14
[All SAA-C03 Questions]

A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:

Which IAM principals can the solutions architect attach this policy to? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

This JSON text is an identity-based policy that grants specific permissions. The IAM principals that the solutions architect can attach this policy to are Role and Group. This is because the policy is written in JSON and is an identity-based policy, which can be attached to IAM principals such as users, groups, and roles.Identity-based policies are permissions policies that you attach to IAM identities (users, groups, or roles) and explicitly state what that identity is allowed (or denied) to do1.Identity-based policies are different from resource-based policies, which define the permissions around the specific resource1.Resource-based policies are attached to a resource, such as an Amazon S3 bucket or an Amazon EC2 instance1.Resource-based policies can also specify a principal, which is the entity that is allowed or denied access to the resource1.Organization is not an IAM principal, but a feature of AWS Organizations that allows you to manage multiple AWS accounts centrally2.Amazon ECS resource and Amazon EC2 resource are not IAM principals, but AWS resources that can have resource-based policies attached to them34.


Identity-based policies and resource-based policies

AWS Organizations

Amazon ECS task role

Amazon EC2 instance profile

by Rebecka at Nov 23, 2023, 12:00 PM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Julio
3 months ago
Yup, Roles and Groups are the way to go!
upvoted 0 times
...
Ashleigh
3 months ago
No way it works for Organization!
upvoted 0 times
...
Royal
3 months ago
Wait, can you really attach it to a Group?
upvoted 0 times
...
Mary
4 months ago
I think it can also go on a Group.
upvoted 0 times
...
Glenna
4 months ago
Definitely can attach to a Role.
upvoted 0 times
...
Margot
4 months ago
I believe ECS resources can't have identity-based policies attached, but I'm a bit confused about EC2 resources. Did we cover that in class?
upvoted 0 times
...
Kenia
4 months ago
This kind of question reminds me of a practice test where we had to identify IAM principals. I feel like organizations might not be the right choice here.
upvoted 0 times
...
Elvera
4 months ago
I'm not so sure about groups; I remember something about them being able to have policies, but I can't recall if they can be attached like this.
upvoted 0 times
...
Elouise
5 months ago
I think roles are definitely one of the options since they can have policies attached directly.
upvoted 0 times
...
Nobuko
5 months ago
Alright, let me dive into this. The policy looks like it's granting permissions to specific IAM principals, so I'll need to match the policy details to the question options to determine the correct answer.
upvoted 0 times
...
Jovita
5 months ago
Hmm, this is a tricky one. I'll need to make sure I understand the difference between the IAM principal types and how they relate to this specific policy. I'll take my time and think it through step-by-step.
upvoted 0 times
...
Jess
5 months ago
The policy mentions "Principal" and "Action", so I'm guessing the question is asking about which IAM principals can have this policy attached to them. I'll need to evaluate each option carefully.
upvoted 0 times
...
Salena
5 months ago
Okay, the policy seems to be granting permissions to specific IAM principals. I'll need to analyze the policy and the question options to figure out which two principals can be attached to this policy.
upvoted 0 times
...
Vinnie
5 months ago
Hmm, this looks like an IAM policy question. I'll need to carefully review the policy details and the available IAM principal options to determine the correct answer.
upvoted 0 times
...
Kent
5 months ago
I'm feeling confident about this one. I think option B is the way to go - editing the existing request and selecting the dimensions in the right order. Should be a straightforward fix.
upvoted 0 times
...
Pamella
5 months ago
I think the number of change requests tested versus passed is a really important metric here. With the changes coming in rapidly, we'll need to track how many are actually making it through the process successfully.
upvoted 0 times
...
Hermila
5 months ago
I feel like recognizing employee motivation is crucial, so option C seems like something HR would definitely include. I'm uncertain about the others, though.
upvoted 0 times
...
Anisha
2 years ago
Organization? Really? I don't think that's correct. This policy is granting permissions to specific resources, not an entire organization. I'd go with Role and Group.
upvoted 0 times
...
Laurene
2 years ago
Hmm, I'm not so sure about that. What about Organization? That's an IAM principal that can be used for identity-based policies, right?
upvoted 0 times
...
Brock
2 years ago
Yeah, the policy looks pretty detailed. I'm pretty sure the correct answers are Role and Group, since those are the only IAM principals mentioned in the policy.
upvoted 0 times
Aliza
2 years ago
B) Group
upvoted 0 times
...
Nida
2 years ago
A) Role
upvoted 0 times
...
...
Keshia
2 years ago
This is an interesting question! The JSON policy document looks a bit complex, but I think I have a handle on the IAM principals that can be attached to it.
upvoted 0 times
...

Save Cancel