AWS Certified Cloud Practitioner — Question 373

A newly created IAM user has no IAM policy attached.

What will happen when the user logs in and attempts to view the AWS resources in the account?

Answer options

• A. All AWS services will be read-only access by default.
• B. Access to all AWS resources will be denied.
• C. Access to the AWS billing services will be allowed.
• D. Access to AWS resources will be allowed through the AWS CLI.

Correct answer: B

Explanation

AWS IAM operates on a 'default deny' principle, meaning a newly created user has zero permissions until they are explicitly granted. Without any attached IAM policies, all requests to view or access AWS resources, whether via the console or CLI, will be denied. Therefore, the user will not be able to interact with any services in the account.