🔥 3-day streak
AWS Certified Security - Specialty71 / 184
Question 71 of 184

A company runs hundreds of project teams in a single AWS account. Each EC2 instance and each IAM role is tagged with a 'project' key identifying its owning team. The security team wants engineers to be able to start and stop only the EC2 instances belonging to their own project, without writing a separate IAM policy for every team as new projects are onboarded. Which approach best achieves this using least privilege at scale?

Reviewed for accuracy · Report an issueNext question