volume_mute

Based on the following IAM policy, what action is the user explicitly allowed to perform?

publish date: 2024/08/14 01:49:20.039555 UTC

volume_mute

{
    "Sid": "AllowManageOwnVirtualMFADevice",
    "Effect": "Allow",
    "Action": [
        "iam:CreateVirtualMFADevice"
    ],
    "Resource": "arn:aws:iam::*:mfa/*"
}

Attach an MFA device to a user account

Create a new virtual MFA device

Delete a virtual MFA device

Update the MFA device settings

Correct Answer

Create a new virtual MFA device

Explanation

Attach an MFA device to a user account: This action involves attaching an existing MFA device to a user, which is not explicitly covered by the policy.
Create a new virtual MFA device: This is the correct answer as the policy specifies the "Action": ["iam:CreateVirtualMFADevice"], meaning it allows the creation of a new virtual MFA device.
Delete a virtual MFA device: The policy does not allow the deletion of any MFA device, only its creation.
Update the MFA device settings: Updating settings is not part of the allowed actions in this policy. The policy only mentions the creation of the device.

Reference

AWS Skills Builder

Quizzes you can take where this question appears

AWS Identity and Access Management (IAM)