AWS Certified Solutions Architect – Professional — Question 77

AWS Direct Connect itself has NO specific resources for you to control access to. Therefore, there are no AWS Direct Connect Amazon Resource Names (ARNs) for you to use in an Identity and Access Management (IAM) policy.
With that in mind, how is it possible to write a policy to control access to AWS Direct Connect actions?

Answer options

• A. You can leave the resource name field blank.
• B. You can choose the name of the AWS Direct Connection as the resource.
• C. You can use an asterisk (*) as the resource.
• D. You can create a name for the resource.

Correct answer: C

Explanation

The correct answer is C because using an asterisk (*) in IAM policies is a way to grant access to all resources of a particular type when specific ARNs are not available. Options A, B, and D are incorrect as they do not provide a valid means to specify resources for AWS Direct Connect actions where no specific resources exist.