200k views
0 votes
What does this IAM policy do?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Mystery Policy",
      "Action": [
        "ec2:RunInstances"
      ],
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestedRegion": "eu-west-1"
        }
      }
    }
  ]
}
a) Allows running instances in any AWS region
b) Allows running instances only in the eu-west-1 region
c) Denies running instances in the eu-west-1 region
d) Denies running instances in any AWS region

by User Roktechie (8.3k points)

1 Answer

2 votes

Final answer:

The IAM policy allows the launching of EC2 instances exclusively in the AWS eu-west-1 region, indicated by the condition that requires the aws:RequestedRegion to match eu-west-1.

Step-by-step explanation:

This IAM policy specifies that the action ec2:RunInstances is allowed, but only under a certain condition. The effect "Allow" indicates that it is granting permission for the action mentioned. The action is restricted by a condition that requires that the aws:RequestedRegion must equal "eu-west-1". This means that the policy allows the launching of EC2 instances, but it is geographically limited to the eu-west-1 region. Therefore, this policy does not grant permission to run instances in any other AWS region.

by User Bogdan N (8.2k points)
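
Added example, not part of the original question or answer: a simplified Python model of IAM statement evaluation (not AWS's own engine) that runs the question's policy against requests for several regions. The function names are hypothetical, only `StringEquals` and `StringNotEquals` are modelled, and Resource matching is skipped because the policy uses `"*"`.

```python
import fnmatch
import json

# The policy from the question, unchanged.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "Mystery Policy",
    "Action": ["ec2:RunInstances"],
    "Effect": "Allow",
    "Resource": "*",
    "Condition": {"StringEquals": {"aws:RequestedRegion": "eu-west-1"}}
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(condition, context):
    # Operators and keys are ANDed; several values for one key are ORed.
    for operator, keys in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"operator not modelled: {operator}")
        for key, expected in keys.items():
            matched = context.get(key) in _as_list(expected)
            if matched != (operator == "StringEquals"):
                return False
    return True

def evaluate(policy, action, context):
    """Return 'Allow', 'ExplicitDeny' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"  # no statement matched: denied by default
    for stmt in _as_list(policy["Statement"]):
        # Resource matching is skipped (assumption): the policy uses "*".
        patterns = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny overrides any allow
        decision = "Allow"
    return decision

def region_decisions(policy, regions, action="ec2:RunInstances"):
    return {r: evaluate(policy, action, {"aws:RequestedRegion": r}) for r in regions}

if __name__ == "__main__":
    print(region_decisions(POLICY, ["eu-west-1", "eu-west-2", "us-east-1"]))
```

Requests for other regions come back as an implicit deny, not an explicit one: this policy grants nothing there, but a second policy attached to the same principal could still allow `ec2:RunInstances` in those regions.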