Exam PCCSE
Question 244

Which RQL query will help create a custom identity and access management (IAM) policy to alert on Lambda functions that have permission to terminate EC2 instances?

    Correct Answer: A

    To alert on Lambda functions with permission to terminate EC2 instances, the RQL query for the custom IAM policy must specify the 'source' and 'dest' services correctly. It should identify the source cloud service as 'lambda' and the resource type as 'function', while the destination service is 'ec2'. It should also name the specific action 'ec2:TerminateInstances'. Therefore, the correct answer is:

        iam from cloud.resource where dest.cloud.type = 'AWS' AND source.cloud.service.name = 'lambda' AND source.cloud.resource.type = 'function' AND dest.cloud.service.name = 'ec2' AND action.name = 'ec2:TerminateInstances'

Discussion
piipo
Option: D

config from iam source.cloud.type = 'function'