AWS DevOps Engineer Professional DOP-C01 – Question507 - AWS DevOps Engineer Professional DOP-C01

A root account has created an IAM group and defined the policy as:

What will this policy do?

A. Allow this group to view the password policy of all the users added only to that group
B. Allow all the users of IAM to modify their password
C. Allow an IAM user in this group to view the password policy and modify only his/her password
D. Allow this group to view the password policy of all the IAM users

Correct Answer: C

Explanation:

Explanation:
This IAM policy grants access to the ChangePassword action, which lets the users use the console, the CLI, or the API to change their passwords. The Resource element uses a policy variable (aws:username), which is useful in policies that are attached to groups. The aws:username key resolves to the name of the current IAM user when a request is made, so that each user is allowed permission to change only his or her own password . This policy will allow all the users of this group to modify the passwords of all the IAM users.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/HowToPwdIAMUser.html