ExpertHard1 markMultiple Choice
AWS SAA-C03 · Question 19 · Domain 1.1: Secure Access
A company wants to ensure that developers can only launch EC2 instances of type 't3.micro' in their development AWS account. How can this be enforced?
A company wants to ensure that developers can only launch EC2 instances of type 't3.micro' in their development AWS account. How can this be enforced?
Answer options:
A.
Use AWS Config to automatically terminate non-t3.micro instances.
B.
Attach an IAM policy with a condition restricting ec2:InstanceType.
C.
Create an SCP in AWS Organizations to limit instance types.
D.
Use AWS Systems Manager to restrict instance launches.
How to approach this question
Look for IAM condition keys.
Full Answer
B.Attach an IAM policy with a condition restricting ec2:InstanceType.✓ Correct
Attach an IAM policy to the developers' roles with a condition restricting the ec2:InstanceType to t3.micro.
IAM policies can include condition blocks. The `ec2:InstanceType` condition key can be used to restrict which instance types a user can launch.
Common mistakes
Choosing SCPs, which are usually too broad for user-specific restrictions.
Practice the full AWS SAA-C03 Practice Exam 2
65 questions · hints · full answers · grading
More questions from this exam
Q01A company wants to ensure that no AWS resources can be created in the ap-northeast-1 region acros...EasyQ02A web application runs on Amazon EC2 instances behind an Application Load Balancer (ALB). The com...EasyQ03A company is storing highly sensitive data in an Amazon S3 bucket. The security team requires tha...MediumQ04An application running on an EC2 instance needs to access an Amazon DynamoDB table in a different...HardQ05A company needs to store database credentials securely. The credentials must be automatically rot...Medium