AWS Certified Solutions Architect Associate SAA-C03 Practice Question
You have been tasked with designing a solution for your company that allows existing corporate network users to obtain temporary credentials to interact with console and programmatic interfaces, streamlining the sign-on process and avoiding separate user management. Which method would you employ to facilitate this?
Integrate the corporate directory with identity federation to assign permissions through temporary security credentials.
Implement a proprietary authentication solution specific to the company's internal systems for granting access.
Distribute long-term security credentials to users for manual configuration of access to the necessary interfaces.
Create individual IAM users corresponding to each member of the workforce and manage permissions directly.
Federation integrates an external directory service with IAM roles. Once federation is set up, users authenticate with their local credentials against their existing directory system and then receive temporary security credentials to operate on the console or interact with services via the APIs or CLI. This method honors the principle of least privilege and simplifies credential management while providing secure access. Manually creating IAM users is redundant and insecure for large enterprise environments. Assigning long-term credentials goes against security best practices, making it a poor choice. Lastly, developing a bespoke authentication portal specific to the corporation's internal systems does not use AWS built-in mechanisms for secure access management and is less efficient and potentially less secure.