AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your enterprise manages user identities and permissions through its centralized directory service. You need to allow these users to access cloud resources without creating individual cloud service accounts for them. What is the most appropriate solution for extending your enterprise directory service for secure, federated access to these resources?
Establish a SAML 2.0 federation between the enterprise directory and cloud identity service for role assumption in the cloud.
Provide each entity in the directory with static access credentials to programmatically manage resources in the cloud.
Create individual user accounts within the cloud for each entity in the enterprise directory and manage permissions directly.
Implement a dedicated network connection from the enterprise to the cloud provider, facilitating secure access to cloud resources.
The most suitable solution is to set up federation with a Security Assertion Markup Language (SAML) 2.0 integration between the enterprise directory service and a cloud identity service that supports SAML, so that directory users can assume roles within the cloud environment. With this setup, enterprise users authenticate with their existing directory credentials and assume pre-configured roles to access the resources they need. The approach is scalable and secure, avoids duplicating the identity repository, and follows best practices.
The other options fall short. Creating an individual cloud service user account for each identity in the directory service is not scalable, increases administrative overhead, and is not secure. Issuing static access keys to each entity is poor security practice and does not leverage the existing directory. Configuring a dedicated network connection provides connectivity only; it neither establishes identity federation nor enables a unified sign-on experience.