Q27 — AWS DVA-C02 Ch.2
A developer accesses AWS CodeCommit via SSH. The SSH key used to access AWS CodeCommit is associated with an IAM user having the following permissions:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "codecommit:BatchGetRepositories",
        "codecommit:Get*",
        "codecommit:List*",
        "codecommit:GitPull"
      ],
      "Resource": "*"
    }
  ]
}
```

The developer needs to create and delete branches. Based on the principle of least privilege, which specific IAM permissions should be added?
- A. "codecommit:CreateBranch", "codecommit:DeleteBranch" ✓
- B. "codecommit:Put*"
- C. "codecommit:Update*"
- D. "codecommit:*"
Correct Answer: A. "codecommit:CreateBranch", "codecommit:DeleteBranch"
Explanation
This question tests understanding of AWS IAM permissions. The developer requires explicit permissions to create and delete branches via SSH, and none of the actions in the existing policy (including the `Get*` and `List*` wildcards) match `codecommit:CreateBranch` or `codecommit:DeleteBranch`. Option A grants only those two actions, satisfying the exact requirement while adhering to least privilege. Options B, C, and D grant broad or wildcard permissions (`Put*`, `Update*`, `*`) that exceed the minimum needed, which violates the principle of least privilege.