AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company uses multiple cloud accounts for different teams to isolate their resources. The company wants to enable team members from one account to access specific resources in another account while following security best practices and reducing management complexity. What is the MOST secure and efficient method to achieve this?
Establish a VPN connection between the accounts to share resources.
Set up an IAM role in the target account and allow users from the other account to assume the role.
Use the token service to generate temporary credentials and distribute them to the team needing access.
Create IAM users in the target account and share their credentials with the other team.
Setting up an IAM role in the target account with the necessary permissions and allowing users from the source account to assume this role is the most secure and efficient solution. This method leverages AWS Security Token Service (STS) to provide temporary credentials when users assume the role, adhering to AWS security best practices and reducing the need to manage multiple user accounts. Creating IAM users in the target account and sharing credentials is not secure and increases administrative overhead. Manually generating and distributing temporary credentials is not efficient and poses security risks compared to using roles. Establishing a VPN connection addresses network connectivity but does not provide the necessary access control.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an IAM role in AWS?
Open an interactive chat with Bash
What is AWS Security Token Service (STS)?
Open an interactive chat with Bash
How does assuming a role help with security best practices?