ExpertMedium1 markMultiple Choice
AWS SAP-C02 · Question 24 · Domain 1.2: Security Controls
A company uses AWS IAM Identity Center (AWS SSO) for federation. They need to grant developers read-only access to production accounts, but full access to development accounts. What is the BEST way to manage this?
A company uses AWS IAM Identity Center (AWS SSO) for federation. They need to grant developers read-only access to production accounts, but full access to development accounts. What is the BEST way to manage this?
Answer options:
A.
Create IAM users in each account and assign policies.
B.
Create Permission Sets in IAM Identity Center and assign them to the developer group for the respective accounts.
C.
Use AWS Organizations SCPs to restrict developer access in production.
D.
Create cross-account IAM roles and have developers assume them.
How to approach this question
Identify the authorization mechanism within IAM Identity Center.
Full Answer
B.Create Permission Sets in IAM Identity Center and assign them to the developer group for the respective accounts.✓ Correct
Permission Sets define the level of access users or groups have to specific AWS accounts within IAM Identity Center.
Common mistakes
Using SCPs for user-level access control.
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 3
75 questions · hints · full answers · grading
More questions from this exam
Q01An enterprise has 100 VPCs across 5 AWS Regions. They need to establish a highly available, trans...HardQ02A company uses AWS Organizations. The CISO requires that no EC2 instances can be launched outside...MediumQ03An application uses Amazon Aurora PostgreSQL. To meet disaster recovery requirements, the databas...HardQ04A company is setting up a new multi-account AWS environment. They want to automate the creation o...MediumQ05An organization wants to allocate AWS costs to specific departments. They use multiple AWS accoun...Medium