🔥 3-day streak
AWS Certified Solutions Architect - Professional153 / 186
Question 153 of 186

A large enterprise uses AWS Organizations with all features enabled. The security team has attached an SCP to an OU that denies the ec2:RunInstances action unless the request includes an instance type of t3.micro or t3.small. In one account within that OU, a developer has an IAM role with a policy that explicitly allows ec2:RunInstances for all instance types, and there is no permission boundary attached to the role. When the developer attempts to launch a t3.large instance, what is the result and why?

Reviewed for accuracy · Report an issueNext question