Question-10: Suppose you attach a policy to an IAM user and specify a condition so that requests from a range of IP addresses (from your corporate network) can use AWS services such as EBS, EC2, and KMS to encrypt and decrypt a volume attached to an EC2 instance. This same IAM user then attempts to attach an encrypted volume to an EC2 instance, and the action fails even though the user has permission on all three required services. Why?

  1. Requests from a VPC that is not in the same AWS Region are not allowed.
  2. Requests from different VPCs are not allowed.
  3. The IP address is not listed correctly in the allowed list of IP addresses.
  4. The selected EC2 instance does not support encrypted EBS volumes.

Ans: C

Detailed Explanation: Without a clear understanding of how the request flows, options like these can be confusing and lead you to choose the wrong answer. In this case, the request that reaches KMS to decrypt the volume's encrypted data key comes from the IP address of the EC2 instance, and the policy does not allow IP addresses other than those specified in the policy document. You allowed the IP addresses of your corporate network, but not the IP address of your EC2 instance. A similar issue can occur if you specify VPC-based conditions in a policy.
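The failure described above, as an added example that is not part of the original material: a simplified model of IAM condition evaluation run against the question's policy and against an alternative built on the AWS global condition key `aws:ViaAWSService`, which the page does not mention. The IP ranges, request contexts and the `evaluate` helper are constructed assumptions, not AWS code.

```python
import ipaddress

CORP = "203.0.113.0/24"  # constructed corporate range (assumption)
ACTIONS = ["ec2:AttachVolume", "kms:Decrypt"]

# Policy as in the question: allow only when the source IP is corporate.
WEAK = [{"Effect": "Allow", "Action": ACTIONS,
         "Condition": {"IpAddress": {"aws:SourceIp": CORP}}}]

# Alternative: allow the actions, deny outside IPs only for direct calls,
# i.e. when no AWS service is acting on the user's behalf.
FIXED = [{"Effect": "Allow", "Action": ACTIONS},
         {"Effect": "Deny", "Action": ACTIONS,
          "Condition": {"NotIpAddress": {"aws:SourceIp": CORP},
                        "Bool": {"aws:ViaAWSService": "false"}}}]

# Constructed request contexts.
USER_CALL = {"aws:SourceIp": "203.0.113.25", "aws:ViaAWSService": "false"}
SERVICE_CALL = {"aws:SourceIp": "198.51.100.7", "aws:ViaAWSService": "true"}
OUTSIDER_CALL = {"aws:SourceIp": "198.51.100.7", "aws:ViaAWSService": "false"}


def condition_holds(condition, ctx):
    """Every operator/key pair in a Condition block must match (logical AND)."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            value = ctx.get(key)
            if operator in ("IpAddress", "NotIpAddress"):
                inside = (value is not None and
                          ipaddress.ip_address(value) in ipaddress.ip_network(wanted))
                ok = inside if operator == "IpAddress" else not inside
            elif operator == "Bool":
                ok = str(value).lower() == wanted
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True


def evaluate(policy, action, ctx):
    """Explicit Deny wins, then Allow, otherwise implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy:
        if action in stmt["Action"] and condition_holds(stmt.get("Condition", {}), ctx):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            decision = "Allow"
    return decision
```

With `WEAK`, the user's own call is allowed but the KMS request made during the attach is implicitly denied; with `FIXED`, that request is allowed while a direct call from outside the corporate range is still denied.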