Q58 — AWS SAA-C03 Ch.5
Question 58 of 65 | ← Chapter 5
Q358. A solutions architect wants to use the following JsON text as an identity-based policy to grant specific permissions:{"Statement": [{"Action":["ssm:ListDocuments","ssm: GetDocument'],"Effect": "Allow","Resource": """Sid": "'}],"Version":"2012-10-17"}Which IAM principals can the solutions architect attach this policy to?(Select TWO.)
- A. Role ✓
- B. Group ✓
- C. Organization
- D. Amazon Elastic Container Service (Amazon ECS) resource
- E. Amazon EC2 resource
Correct Answer: A. Role, B. Group
Explanation
This identity-based policy can be attached to IAM roles or groups that require permissions to use SSM (Systems Manager) ListDocuments and GetDocument actions on any resource in the account. Amazon ECS or Amazon EC2 resources are not IAM principals, but rather they are services/resources that IAM policies can be attached to. Similarly, an organization is not an IAM principal itself, but it contains accounts and can have policies applied to it.