ec2:* Allows full control of EC2 instances, so C is correct
The policy only grants get and list permission on IAM users, so not A
ds:Delete deny denies delete-directory, so not B, see https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ds/index.html
The policy only grants get and describe permission on logs, so not D
In Policy number 2 its explicit deny to deleting directories so the IAM user wont be able to delete any directories
However in policy number 1 the statement "ec2:*", means the IAM user can perform all activities under the ec2
Therefore as per the given answer choice IAM user can delete an ec2 instance
so the choice is C: Deleting Amazon EC2 instances
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
JayBee65
Highly Voted 2 years, 3 months agovincent2023
3 months, 1 week agomwwt2022
1 year, 3 months agoMorinator
Highly Voted 2 years, 3 months agosurajkrishnamurthy
Most Recent 2 months, 4 weeks ago1e22522
8 months, 3 weeks agoTariqKipkemei
1 year, 7 months agoAninina
2 years, 3 months agomhmt4438
2 years, 3 months agoAninina
2 years, 3 months agobamishr
2 years, 3 months ago