Your organization has four instances for production and another four for testing. You are asked to set up a group of IAM users that can only access the four production instances and not the other four testing instances. How will you achieve this?
We can achieve this by defining tags on the test and production instances and then adding a condition to the IAM policy that allows access to specific tags.