Q6 — AWS SAA-C03 Ch.1
Q6. An Amazon EC2 administrator created the following policy associated with an IAM group containing several users. What is the effect of this policy?
- A. Users can terminate an EC2 instance in any AWS Region except us-east-1.
- B. Users can terminate an EC2 instance with the IP address 10.100.100.1 in the us-east-1 Region.
- C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254. ✓
- D. Users cannot terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
Correct Answer: C. Users can terminate an EC2 instance in the us-east-1 Region when the user's source IP is 10.100.100.254.
Explanation
Actually, as per the policy, both B and C are correct. But the IP 10.100.100.1 is a reserved AWS IP and cannot be used by an EC2 instance.

What the policy means:

1. Allow termination of any instance if the user's source IP address is 10.100.100.254.
2. Deny termination of instances that are not in the us-east-1 Region.

Combining these two, you get: "Allow instance termination in the us-east-1 Region if the user's source IP address is 10.100.100.254. Deny the termination operation in other Regions."