AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A corporation utilizes distinct accounts for varying stages of their software lifecycle to improve security and segregation of environments. Their policy mandates that a specialized team must be equipped to quickly respond and exercise full permissions in any of these accounts during critical incidents. Which strategy should be implemented to grant the specialized team the necessary elevated access in line with best practices for security?
Create user accounts with high-level permissions within each environment for the response team, distributing credentials as needed.
Implement organization-wide service control policies to grant the response team emergency access to all environments.
Establish roles for cross-environment access that the specialized response team can assume when elevated permissions are necessary.
Use a centralized identity management service for streamlined team authentication across all environments, avoiding specific roles for emergency situations.
Setting up roles for cross-environment access that the specialized response team can assume as needed is the correct solution. This method is a best practice as it avoids direct sharing of security credentials and ensures the principle of least privilege is maintained by allowing access on an as-needed basis. Implementing broad service control policies does not directly provide a mechanism for assuming necessary roles. Using a centralized identity management system helps streamline the authentication process but does not inherently offer the specific elevated access to separate accounts. Creating users with high-level permissions in each environment contradicts best practices, as it leads to increased credential management overhead and does not leverage the IAM role assumption feature efficiently.