A company wants to ensure that only one user from its Admin group has the permanent right to delete an Amazon EC2 resource. The company must not modify the existing Admin group policy.
What should a developer use to meet these requirements?
An inline IAM policy is directly attached to a specific IAM user, group, or role and applies only to that principal. AWS documentation states that inline policies are useful when permissions should be tightly scoped and not reused.
In this scenario, the Admin group policy cannot be changed, but one specific user needs permanent delete permissions. Attaching an inline policy directly to that user grants the required permissions without impacting other Admin users.
AWS managed policies (Option A) are reusable and not suitable for user-specific access. IAM trust relationships (Option C) control role assumption, not resource permissions. AWS STS (Option D) provides temporary credentials, not permanent access.
Therefore, an inline policy is the correct solution.
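As an added illustration (not part of the original question or answer), the following Python shows the inline-policy approach end to end: a policy document scoped to a single EC2 action, a check that it grants nothing broader, and a `put_user_policy` call that targets only the one user, so the Admin group policy is never touched. The user name, account ID, region, policy name, and the reading of "delete an EC2 resource" as `ec2:TerminateInstances` are assumptions made for the example.

```python
"""Grant one IAM user a permanent, user-specific EC2 delete right via an inline policy."""
import json

# Constructed assumptions for this example (none of these come from the question).
USER_NAME = "admin-alice"          # the single Admin-group member who gets the right
ACCOUNT_ID = "111122223333"        # placeholder account id
REGION = "us-east-1"
POLICY_NAME = "AllowEc2Terminate"
# "Delete an EC2 resource" is taken here to mean terminating an instance.
DELETE_ACTION = "ec2:TerminateInstances"


def build_inline_policy(account_id: str = ACCOUNT_ID, region: str = REGION) -> dict:
    """Return the policy document. The Resource is scoped to instances in one
    account/region rather than "*", keeping the extra right as narrow as possible."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PermanentEc2Delete",
                "Effect": "Allow",
                "Action": DELETE_ACTION,
                "Resource": f"arn:aws:ec2:{region}:{account_id}:instance/*",
            }
        ],
    }


def grants_only_delete(document: dict) -> bool:
    """Pre-attach sanity check: every statement allows exactly the one action
    and none of them uses a wildcard resource."""
    for stmt in document["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] != "Allow" or actions != [DELETE_ACTION] or stmt["Resource"] == "*":
            return False
    return True


def attach_inline_policy(iam_client, user_name: str, policy_name: str, document: dict) -> dict:
    """Attach the document as an inline policy on the user only. Nothing here
    references the Admin group, so its existing policy stays unmodified.
    iam_client is any object exposing put_user_policy (boto3's IAM client in practice)."""
    iam_client.put_user_policy(
        UserName=user_name, PolicyName=policy_name, PolicyDocument=json.dumps(document)
    )
    return {"user": user_name, "policy": policy_name, "actions": [DELETE_ACTION]}


if __name__ == "__main__":
    import boto3  # real call path; needs credentials allowed to call iam:PutUserPolicy
    doc = build_inline_policy()
    assert grants_only_delete(doc)
    print(attach_inline_policy(boto3.client("iam"), USER_NAME, POLICY_NAME, doc))
```

Because the policy is inline on the user, removing it later is a single `delete-user-policy` on that user and leaves the group untouched.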