AWS Certified Solutions Architect Associate SAA-C03 Practice Question
As the architect for a corporation with several divisions requiring varied levels of access to cloud resources, you are charged with devising a permission structure that eases the management burden and is future-proof. Which approach would best achieve this goal?
Utilize only the cloud provider's predefined job function policies to delegate permissions correlating to divisional functions.
Craft custom policies for each individual based on their specific divisional duties.
Attach managed policies to groups correlated with the distinct divisions.
Establish a separate cloud services account for each division, creating individual access credentials per team member.
Implementing managed policies for groups aligned with each division facilitates a scalable and maintainable permission structure. This method promotes reusability and helps centralize access control changes, which can be rolled out across all associated entities effortlessly. Using policies that are directly linked to individual entities is less scalable and more cumbersome to manage for large numbers of users. Creating separate cloud accounts for each division is an unwieldy approach that may lead to higher complexity and cost. Relying solely on predefined job functions can be restrictive as they may not accurately represent the unique access needs of the organization's divisions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are managed policies in AWS?
Open an interactive chat with Bash
What is the role of IAM groups in AWS?
Open an interactive chat with Bash
Why is creating separate cloud accounts for each division impractical?