ec2:* Allows full control of EC2 instances, so C is correct
The policy only grants get and list permission on IAM users, so not A
ds:Delete deny denies delete-directory, so not B, see https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/index.html
The policy only grants get and describe permission on logs, so not D
In Policy number 2 its explicit deny to deleting directories so the IAM user wont be able to delete any directories
However in policy number 1 the statement "ec2:*", means the IAM user can perform all activities under the ec2
Therefore as per the given answer choice IAM user can delete an ec2 instance
so the choice is C: Deleting Amazon EC2 instances
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JayBee65
Highly Voted 2 years, 2 months agovincent2023
2 months, 1 week agomwwt2022
1 year, 3 months agoMorinator
Highly Voted 2 years, 2 months agosurajkrishnamurthy
Most Recent 2 months ago1e22522
7 months, 4 weeks agoTariqKipkemei
1 year, 6 months agoAninina
2 years, 2 months agomhmt4438
2 years, 2 months agoAninina
2 years, 2 months agobamishr
2 years, 2 months ago