Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon Exam SAA-C03 Topic 14 Question 25 Discussion

Actual exam question for Amazon's SAA-C03 exam
Question #: 25
Topic #: 14
[All SAA-C03 Questions]

A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions:

Which IAM principals can the solutions architect attach this policy to? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: A, B

This JSON text is an identity-based policy that grants specific permissions. The IAM principals that the solutions architect can attach this policy to are Role and Group. This is because the policy is written in JSON and is an identity-based policy, which can be attached to IAM principals such as users, groups, and roles.Identity-based policies are permissions policies that you attach to IAM identities (users, groups, or roles) and explicitly state what that identity is allowed (or denied) to do1.Identity-based policies are different from resource-based policies, which define the permissions around the specific resource1.Resource-based policies are attached to a resource, such as an Amazon S3 bucket or an Amazon EC2 instance1.Resource-based policies can also specify a principal, which is the entity that is allowed or denied access to the resource1.Organization is not an IAM principal, but a feature of AWS Organizations that allows you to manage multiple AWS accounts centrally2.Amazon ECS resource and Amazon EC2 resource are not IAM principals, but AWS resources that can have resource-based policies attached to them34.


Identity-based policies and resource-based policies

AWS Organizations

Amazon ECS task role

Amazon EC2 instance profile

by Rebecka at Nov 23, 2023, 12:00 PM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Anisha
2 days ago
Organization? Really? I don't think that's correct. This policy is granting permissions to specific resources, not an entire organization. I'd go with Role and Group.
upvoted 0 times
...
Laurene
3 days ago
Hmm, I'm not so sure about that. What about Organization? That's an IAM principal that can be used for identity-based policies, right?
upvoted 0 times
...
Brock
4 days ago
Yeah, the policy looks pretty detailed. I'm pretty sure the correct answers are Role and Group, since those are the only IAM principals mentioned in the policy.
upvoted 0 times
...
Keshia
5 days ago
This is an interesting question! The JSON policy document looks a bit complex, but I think I have a handle on the IAM principals that can be attached to it.
upvoted 0 times
...

Save Cancel