A company uses AWS IAM Identity Center (AWS SSO) integrated with their on-premises Active Directory. Developers need CLI access to AWS accounts. The security policy mandates that long-term IAM access keys must not be used. How should developers authenticate to the AWS CLI?

Answer options:

Create IAM users for developers and use AWS STS to generate temporary tokens.

Use the AWS CLI v2 to run 'aws configure sso'. Developers authenticate via their web browser to receive short-term credentials.

Deploy an EC2 instance with an IAM role and require developers to SSH into it to run CLI commands.

Use AWS Cognito to issue JWT tokens for the AWS CLI.

How to approach this question

Look for the native CLI integration for IAM Identity Center.

Full Answer

B.Use the AWS CLI v2 to run 'aws configure sso'. Developers authenticate via their web browser to receive short-term credentials.✓ Correct

AWS CLI v2 integrates directly with IAM Identity Center. 'aws configure sso' allows users to authenticate via a browser and automatically retrieves short-term credentials.

Common mistakes

Assuming IAM users are required for CLI access.

Question 08 All questions Question 10

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6

75 questions · hints · full answers · grading

More questions from this exam

Q01A global enterprise requires highly available hybrid connectivity between its on-premises data ce...Hard Q02An organization has 50 VPCs across two AWS Regions connected via Transit Gateways (TGW). The TGWs...Hard Q03A company uses AWS Organizations. The network team wants to share a central Transit Gateway (TGW)...Medium Q04An enterprise has on-premises data centers in the US and Europe. They want to use the AWS global ...Hard Q05A company requires that all API calls to Amazon S3 from their VPC must not traverse the public in...Medium

View all 75 questions →