IAM & Organizations

Câu 1. An application running on an Amazon EC2 instance needs to read objects from an Amazon S3 bucket. What is the RECOMMENDED approach to grant this access?

Câu 2. An IAM identity-based policy explicitly allows an action, but a Service Control Policy (SCP) explicitly denies the same action. Can the user perform the action?

Câu 3. A company needs to allow a third-party auditing firm to assume an IAM role in their AWS account. What should be included in the role's trust policy to prevent the confused deputy problem?

Câu 4. A company wants to completely block all AWS services except a specific whitelist across all accounts in an Organization OU. Which tool should they use?