SysOps Evaluation 1

• You will be prompted with an "Action does not apply to any resource(s) in statement" error.

• The jumpingbrains bucket including all its objects will be publicly accessible and downloadable to anyone.

• The jumpingbrains bucket including all its objects will be publicly visible to anyone.

• The jumpingbrains bucket including all its objects will be publicly visible to anyone but downloading the objects is not allowed.

• Create a common IAM policy that can be applied across all accounts.

• Activate Consolidated Billing feature across the account to control the services on each account.

• Contact AWS and request for them to deny the services not allowed to be used across accounts.

• Use AWS Organizations and Service Control Policies to control services on each account.

• Go to AWS EC2 dashboard and download the Credential report.

• You can call up AWS support and have them generate the Credential report for you.

• You can contact an AWS partner to generate the Credential report.

• You can go to AWS IAM Console and download the Credential report.

Nothing, because EC2 can use DynamoDB as their both are AWS Services and the required permissions are already configured

You should provision an IAM role with DynamoDB access. Attach the IAM role to the EC2 instances which will route all calls coming from the web app to the DynamoDB table.

Create an IAM user and generate its access keys. Attach the policies that provide access to DynamoDB to this IAM user. Configure the Access keys inside the EC2 Instance

You should create a separate IAM user for the web app with policies  that provides access to DynamoDB.

Provide secure access keys to your applications needing access to AWS resources.

Use the AWS Root access keys for critical applications to access AWS resources.

• Use a shared user account to use for each department.

• Enable MFA for Privileged users.

Grant access on a least privilege basis.