A solutions architect wants to use the following JSON text as an identity-based policy to grant specific permissions: Which IAM principals can the solutions architect attach this policy to? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Role, Group.
Why this is the answer
Identity-based policies, like the JSON example provided, define permissions for IAM principals. IAM roles and IAM groups are both types of IAM principals to which identity-based policies can be directly attached. Attaching a policy to a role grants those permissions to any entity assuming that role. Attaching a policy to a group grants those permissions to all IAM users within that group. Organization is incorrect because AWS Organizations manages accounts, not individual permissions via identity-based policies. Amazon ECS resources and Amazon EC2 resources are compute resources, not IAM principals. While these resources might assume an IAM role, the policy is attached to the role itself, not directly to the resource.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed