AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company has multiple AWS accounts for its development, testing, and production environments to segregate resources and manage them more efficiently. Which action would provide the developers with access to resources across these accounts while adhering to best security practices?
Create an IAM role with cross-account access permissions that developers can assume from their own account.
Apply multi-factor authentication (MFA) requirements to all production IAM users.
Create individual IAM users with the necessary permissions within each account for every developer.
Create a single master account for developers and grant it full administrative permissions in all accounts.
Creating roles in the AWS Identity and Access Management (IAM) with cross-account access permissions allows developers to assume those roles from their own account. This approach adheres to the best security practices by avoiding the creation of individual user accounts in each environment and adheres to the principle of least privilege. Making separate accounts for each role or only modifying the existing permissions in the production account do not provide the granularity and control over access to the different environments as effectively as cross-account roles. Applying MFA requirement is a security best practice but not sufficient on its own to provide the necessary cross-account access to resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are IAM roles, and how do they work for cross-account access?
Open an interactive chat with Bash
What is the principle of least privilege and why is it important?
Open an interactive chat with Bash
What is MFA, and how does it enhance security in AWS?