PrepAway - Latest Free Exam Questions & Answers

How can it achieve this?

An organization has set up multiple IAM users. The organization wants each IAM user to access the IAM
console only from within the organization and not from outside. How can it achieve this?

A.
Create an IAM policy with the security group and use that security group for AWS console login

B.
Create an IAM policy with a condition which denies access when the IP address range is not from the
organization

C.
Configure the EC2 instance security group which allows traffic only from the organization’s IP range

D.
Create an IAM policy with VPC and allow a secure gateway between the organization and AWS Console

Explanation:
AWS Identity and Access Management is a web service that allows organizations to manage users and user
permissions for various AWS services. The user can add conditions as part of IAM policies. A
condition can be set on AWS Tags, Time, and Client IP, as well as on many other parameters. If the
organization wants users to have access only from a specific IP range, it should set an IAM policy condition
which denies access when the IP is not in a certain range. For example, the sample policy given below denies all traffic
when the IP is not in a certain range.
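
The following is an added example, not the page's original sample policy: it embeds a Deny policy that uses the `NotIpAddress` operator on `aws:SourceIp` and runs a simplified model of that one condition over constructed source addresses. The CIDR ranges, the `Sid`, and the helper names `not_ip_address` and `is_denied` are assumptions made for illustration.

```python
import ipaddress
import json

# Identity-based policy: explicit Deny on every action unless the request's
# source IP is inside the organization's ranges. The CIDRs are placeholder
# documentation ranges (RFC 5737), not values from the page.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideOrgNetwork",
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {
            "NotIpAddress": {
                "aws:SourceIp": ["203.0.113.0/24", "198.51.100.0/24"]
            }
        },
    }],
}


def not_ip_address(source_ip, cidrs):
    """Simplified model of the NotIpAddress operator: true when the
    source IP falls in none of the listed CIDR blocks."""
    addr = ipaddress.ip_address(source_ip)
    return not any(addr in ipaddress.ip_network(c) for c in cidrs)


def is_denied(policy, source_ip):
    """Return True if a Deny statement's NotIpAddress condition matches.
    Models only this one condition key, not full IAM evaluation."""
    for stmt in policy["Statement"]:
        cond = stmt.get("Condition", {}).get("NotIpAddress", {})
        cidrs = cond.get("aws:SourceIp")
        if stmt["Effect"] == "Deny" and cidrs is not None:
            if not_ip_address(source_ip, cidrs):
                return True
    return False


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # JSON to attach to users or groups
    # Constructed sample requests: two inside the ranges, two outside.
    for ip in ["203.0.113.10", "198.51.100.200", "192.0.2.5", "8.8.8.8"]:
        print(ip, "-> denied" if is_denied(POLICY, ip) else "-> not denied")
```

An explicit Deny overrides any Allow, so this policy only blocks; a request that is "not denied" still needs a separate Allow policy to succeed. AWS's documented version of this policy also adds a `Bool` condition on `aws:ViaAWSService` set to `false`, so that calls AWS services make on the user's behalf are not blocked.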

