Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

By:
In: DVA-C02
Tagged:
With: 1 Comment
An IAM role is attached to an Amazon EC2 instance that explicitly denies access to all Amazon S3 API actions.The EC2 instance credentials file specifies the IAM access key and secret access key, which allow full administrative access.

Given that multiple modes of IAM access are present for this EC2 instance, which of the following is correct?

The EC2 instance will only be able to list the S3 buckets.

The EC2 instance will only be able to list the contents of one S3 bucket at a time.

The EC2 instance will be able to perform all actions on any S3 bucket.

The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Explanations:

The explicit deny in the IAM role attached to the EC2 instance takes precedence over any permissions granted by the IAM access key and secret access key, so the instance cannot list S3 buckets.

Similar to option A, the explicit deny in the IAM role prevents any S3 actions, including listing the contents of a single S3 bucket. Therefore, the instance cannot perform this action.

The presence of an explicit deny in the IAM role overrides the full administrative access provided by the access key and secret key, preventing any actions on S3 buckets.

The explicit deny attached to the IAM role effectively prevents any S3 actions from being performed by the EC2 instance, regardless of the permissions granted by the IAM access key and secret access key.

2025-10-09

1 Comment

  1. Harold
    Author

    I outline that the answer is:
    The EC2 instance will not be able to perform any S3 action on any S3 bucket.

Leave a Reply

Your email address will not be published. Required fields are marked *

two × five =