An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants a particular group of IAM users to access only the test instances and not the production ones. They want to deploy the instances in various locations based on the factors that will change from time to time, especially in the test group. They expect instances will often need to be churned, i.e. deleted and replaced, especially in the testing group. This means the five instances they have created now will soon be replaced by a different set of five instances. The members of each group, produc-tion and testing, will not change in the foreseeable future. Given the situation, what choice below is the most efficient and time-saving strategy to define the IAM policy?
A) By creating an IAM policy with a condition that allows access to only small instances
B) By defining the IAM policy that allows access based on the instance ID
C) By launching the test and production instances in separate regions and allowing region wise ac-cess to the group
D) By defining the tags on the test and production team members IAM user IDs, and adding a con-dition to the IAM policy that allows access to specific tags

Question

Quizplus · Accepted Answer

Using tags on IAM user IDs and adding conditions to the IAM policy based on these tags allows dynamic and flexible access control, which is efficient given the frequent changes in instances.

An Organization Has Launched 5 Instances: 2 for Production and 3