AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A corporation wants to enable its security team to audit resources in all of its subsidiary companies' accounts with minimum necessary permissions. What method should be recommended to facilitate this requirement while adhering to security best practices?
Apply granular resource policies across all services in each environment, allowing audit-level access.
Create distinct profiles for team members within each subsidiary's environment, assigning them individual access keys for manual rotation.
Implement a centralized identity management service, allowing the team to use roles with 'Audit' policy attachments in each of the subsidiary's environments.
Distribute the superuser credentials for each environment, restricting their use to the audit tasks.