An organization (Account ID 123412341234. has attached the below mentioned IAM policy to a user. What
does this policy statement entitle the user to perform?
“Statement”: [
{
“Sid”: “AllowUsersAllActionsForCredentials”,
“Effect”: “Allow”,
“Action”: [
“iam:*AccessKey*”,
],
“Resource”: [“arn:aws:iam:: 123412341234:user/${aws:username}”]
}]
A.
0
B.
0
C.
0
D.
0
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. If the organization (Account ID 123412341234. wants some of their
users to manage keys (access and secret access keys. of all IAM users, the organization should set the below
mentioned policy which entitles the IAM user to modify keys of all IAM users with CLI, SDK or API.
“Statement”: [
{
“Sid”: “AllowUsersAllActionsForCredentials”,
“Effect”: “Allow”,
“Action”: [
“iam:*AccessKey*”,
],
“Resource”: [“arn:aws:iam:: 123412341234:user/${aws:username}”]}]