Suggested Answer:A🗳️
Temporary credentials in IAM are valid throughout their defined duration of time and hence can't be revoked. However, because permissions are evaluated each time an AWS request is made using the credentials, you can achieve the effect of revoking the credentials by changing the permissions for the credentials even after they have been issued. Reference: http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_disable-perms.html
Answer is A
Here
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_disable-perms.html
clearly mentioned Temporary security credentials are valid until they expire, and they cannot be revoked
but you can achieve the effect of revoking the credentials by changing the permissions for the credentials even after they have been issued its alternative way only.
A.
You cannot revoke the temporary security credentials. There is a section in Adrian Cantrill's course on how to deal with when a malicious user receives temporary credentials.
the problem is that the question is not precise enough, like many other question. theoratically it's yes you can revoke, but you're gonna reset ALL sessions associated with the role. These old questions are really terrible (multiple interpretations, knowing limits and instance capabilities by heart...), I hope the recent questions are better as I don't see how answering these kinfd of question make you a good architect
It's D. See how 'To immediately deny all permissions to any current user of role credentials' https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_revoke-sessions.html
Temporary security credentials are valid until they expire, and they cannot be revoked. However, because permissions are evaluated each time an AWS request is made using the credentials, you can achieve the effect of revoking the credentials by changing the permissions for the credentials even after they have been issued. If you remove all permissions from the temporary security credentials, subsequent AWS requests that use those credentials will fail. The mechanisms for changing or removing the permissions assigned to temporary security credentials are explained in the following sections.
When you enable users to access the AWS Management Console with a long session duration time (such as 12 hours), their temporary credentials do not expire as quickly. If users inadvertently expose their credentials to an unauthorized third party, that party has access for the duration of the session. However, you can immediately revoke all permissions to the role's credentials issued before a certain point in time if you need to. All temporary credentials for that role issued before the specified time become invalid. This forces all users to reauthenticate and request new credentials.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
ExtHo
Highly Voted 3 years, 7 months ago01037
3 years, 6 months agobamjive06
3 years, 6 months agoamministrazione
Most Recent 8 months, 1 week agohilft
2 years, 9 months agoTechIsi
2 years, 12 months agopcops
3 years, 4 months agorobertomartinez
3 years, 6 months agorobertomartinez
3 years, 6 months agorain_wu
3 years, 6 months agopt8
3 years, 6 months agocpal012
3 years, 7 months agoramikhreim
3 years, 7 months agomanoj101
3 years, 7 months agoNKnab
3 years, 7 months agokrtek77
3 years, 7 months agotan9
3 years, 7 months agokaush
3 years, 7 months ago