Question 363:
You are the security leader in a firm that has its workloads on AWS. You have been asked to implement a way for developers to pass their roles to EC2. There are two conditions: (1) do not let the developers pass the Administrator role to EC2; (2) the credentials for the role must last a maximum of 45 minutes. How could you achieve this?
Answer options:
A. Create a role named “EC2NotAdmin”. Create a new policy and attach it to the EC2NotAdmin Role. This policy will have two statements. The first policy will have a statement to deny PassRole with the Admin Role as a resource. The second policy will allow a statement to pass the role to all resources.
B. Create a role named “EC2NotAdmin”. Create a new policy and attach it to the IAM role. This policy will have two statements. The first policy will have a statement to allow PassRole with the Admin Role as a resource. The second policy will deny the statement to pass the role to all resources.
C. Create a role named “EC2NotAdmin”. Attach a trust policy to the role that allows the service EC2 to assume a role and set the condition sts:DurationSeconds to 45 minutes. Create a new policy and attach it to the IAM role. This policy will have two statements. The first policy will have a statement to deny PassRole with the Admin Role as a resource. The second policy will allow the statement to pass the role to all resources.
D. Create a role named “EC2NotAdmin”. Attach a trust policy to the role that allows the service EC2 to assume a role and set the condition sts:DurationSeconds to 45 minutes. Create a new policy and attach it to the IAM role. This policy will have two statements. The first policy will have a statement to allow PassRole with the Admin Role as a resource. The second policy will deny the statement to pass the role to all resources.