AWS Certified Solutions Architect – Professional — Question 201

While implementing the policy keys in AWS Direct Connect, if you use and the request comes from an Amazon EC2 instance, the instance's public IP address is evaluated to determine if access is allowed.

Answer options

• A. aws:SecureTransport
• B. aws:EpochIP
• C. aws:SourceIp
• D. aws:CurrentTime

Correct answer: C

Explanation

The correct answer is aws:SourceIp because it specifically evaluates the public IP address of the requester. The other options do not pertain to IP address evaluation; aws:SecureTransport relates to secure transport mechanisms, aws:EpochIP is not a recognized key, and aws:CurrentTime pertains to time-based policies.