AWS Resource Access Policy for Vendor Account | Exam Preparation

Ideal Policy for Restricting AWS Resource Access to Vendor Account

Question

You work for a company as a Systems Administrator.

You have a vendor that needs access to an AWS resource in your company's account.

You create an AWS user account.

You want to restrict access to the resource using a policy for just that user over a brief period.

Which of the following would be an ideal policy to use?

Answers

Explanations


A. B. C. D.

Correct Answer: B.

The AWS Documentation gives an example of such a case.

Inline policies are useful if you want to maintain a strict one-to-one relationship between a policy and the principal entity that it's applied to.

For example, you want to be sure that the permissions in a policy are not inadvertently assigned to a principal entity other than the one they're intended for.

When you use an inline policy, the permissions in the policy cannot be inadvertently attached to the wrong principal entity.

In addition, when you use the AWS Management Console to delete that principal entity, the policies embedded in the principal entity are deleted as well.

That's because they are part of the principal entity.

Option A is invalid because AWS managed policies are suited to a group of users.

For an individual user, an inline policy is the better fit.

Options C and D are invalid because they are specifically meant for access to S3 buckets.

For more information on policies, please visit the following URL:

https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html

In this scenario, you want to give a vendor access to an AWS resource in your company's account for a brief period, and you want to restrict the access to just that user.

An AWS Managed Policy is a pre-built policy that is maintained by AWS. It is ideal when you want to apply the same permissions to multiple users, groups, or roles. In this case, since you want to restrict access to just one user, an AWS Managed Policy may not be the best option.

An Inline Policy is a policy that is attached directly to a user, group, or role. It is ideal when you want to grant specific permissions to a single user, group, or role. In this scenario, an Inline Policy would be the ideal policy to use since you want to restrict access to just that one user.

A Bucket Policy is a policy that is attached to an S3 bucket. It is used to control access to the bucket and its contents. In this scenario, since you are not dealing with an S3 bucket, a Bucket Policy would not be applicable.

A bucket ACL (Access Control List) is a legacy method of controlling access to an S3 bucket. It is being replaced by IAM policies and bucket policies. In this scenario, since you are not dealing with an S3 bucket, a bucket ACL would not be applicable.

Therefore, the ideal policy to use in this scenario would be an Inline Policy.
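As an added example (not from the original page or the AWS documentation), here is what such an inline policy for the vendor user can look like; it goes beyond the text by time-boxing the grant with the aws:CurrentTime condition key, so the "brief period" is enforced by the policy itself rather than by remembering to revoke it. The user name, policy name, table ARN, account id and dates are constructed placeholders, and is_allowed is a simplified evaluator for illustration, not the real IAM engine.

```python
# Added example (not from the page): a time-boxed inline policy for one vendor
# IAM user. User name, policy name, ARN, account id and dates are placeholders.
import json
from datetime import datetime

VENDOR_USER, POLICY_NAME = "vendor-user", "VendorTempAccess"   # assumed names
RESOURCE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/VendorData"
WINDOW_START, WINDOW_END = "2024-06-01T00:00:00Z", "2024-06-08T00:00:00Z"

def build_policy() -> dict:
    """Inline policy document: read-only on one resource, and only while
    aws:CurrentTime falls inside the window, so it expires by itself."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "VendorReadOnlyForOneWeek",
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query"],
            "Resource": RESOURCE_ARN,
            "Condition": {
                "DateGreaterThan": {"aws:CurrentTime": WINDOW_START},
                "DateLessThan": {"aws:CurrentTime": WINDOW_END},
            },
        }],
    }

def _ts(s: str) -> datetime:
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def is_allowed(policy: dict, action: str, resource: str, now: str) -> bool:
    """Simplified IAM evaluation: an Allow statement matches only if action,
    resource and both date conditions hold; anything else is implicit deny."""
    for stmt in policy["Statement"]:
        if (stmt["Effect"] != "Allow" or action not in stmt["Action"]
                or resource != stmt["Resource"]):
            continue
        cond = stmt.get("Condition", {})
        gt = cond.get("DateGreaterThan", {}).get("aws:CurrentTime")
        lt = cond.get("DateLessThan", {}).get("aws:CurrentTime")
        if (gt and _ts(now) <= _ts(gt)) or (lt and _ts(now) >= _ts(lt)):
            continue
        return True
    return False

def put_user_policy_command() -> str:
    # The CLI call that embeds the document in the user itself (inline).
    doc = json.dumps(build_policy(), separators=(",", ":"))
    return (f"aws iam put-user-policy --user-name {VENDOR_USER} "
            f"--policy-name {POLICY_NAME} --policy-document '{doc}'")
```

Because the policy is inline, deleting the vendor user removes it as well, and the date window means the permissions stop working on their own even if the user is forgotten.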