
Your system recently experienced downtime during the troubleshooting process. You found that a new
administrator mistakenly terminated several production EC2 instances. Which of the following strategies will
help prevent a similar situation in the future? The administrator still must be able to:
– launch, start, stop, and terminate development resources.
– launch and start production instances.

A.
Create an IAM user, which is not allowed to terminate instances by leveraging production EC2 termination
protection.

B.
Leverage resource-based tagging along with an IAM user, which can prevent specific users from
terminating production EC2 resources.

C.
Leverage EC2 termination protection and multi-factor authentication, which together require users to
authenticate before terminating EC2 instances.

D.
Create an IAM user and apply an IAM role which prevents users from terminating production EC2 instances.

Explanation:
https://aws.amazon.com/blogs/security/resource-level-permissions-for-ec2-controlling-management-access-on-specific-instances/
*August 2016 Update* One way to work around this is to use a combination of an Amazon CloudWatch Events
rule and AWS Lambda to tag newly created instances.
