An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

Last Updated on November 13, 2021 by Admin

An organization (Account ID 123412341234) has attached the below mentioned IAM policy to a user. What does this policy statement entitle the user to perform?

SOA-C01 AWS-SysOps ​​​​​Part13 Q15 011

SOA-C01 AWS-SysOps ​​​​​Part13 Q15 011

  • The policy allows the IAM user to modify all IAM user’s credentials using the console, SDK, CLI or APIs
  • The policy will give an invalid resource error
  • The policy allows the IAM user to modify all credentials using only the console
  • The policy allows the user to modify all IAM user’s password, sign in certificates and access keys using only CLI, SDK or APIs
Explanation:
WS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. If the organization (Account ID 123412341234) wants some of their users to manage credentials (access keys, password, and sing in certificates. of all IAM users, they should set an applicable policy to that user or group of users. The below mentioned policy allows the IAM user to modify the credentials of all IAM user’s using only CLI, SDK or APIs. The user cannot use the AWS console for this activity since he does not have list permission for the IAM users.
SOA-C01 AWS-SysOps ​​​​​Part13 Q15 012

SOA-C01 AWS-SysOps ​​​​​Part13 Q15 012