Topic 1 Question 349
A developer needs temporary access to resources in a second account.
What is the MOST secure way to achieve this?
A. Use the Amazon Cognito user pools to get short-lived credentials for the second account.
B. Create a dedicated IAM access key for the second account, and send it by mail.
C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.
D. Establish trust, and add an SSH key for the second account to the IAM user.
Comments (3)
- Choice believed to be correct: C
Here's how it works:
Create an IAM Role in the Second Account: The administrator of the second account creates an IAM role and attaches policies that grant permissions to the resources that the developer needs to access. The trust policy of the role allows the first account (the developer's account) to assume this role.
Assume the IAM Role: The developer in the first account can then call the sts:AssumeRole API operation, passing the ARN of the role to assume in the second account. If the request is successful, the response includes temporary security credentials that the developer can use to access resources in the second account.
👍 4 trungtd 2024/10/04
- Choice believed to be correct: C
C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.
This method provides temporary, limited access to the necessary resources in the second account without sharing long-term credentials, ensuring security and adherence to best practices.
👍 4608064a 2024/11/19
- Choice believed to be correct: C
C is the correct answer.
👍 165703c1 2024/11/24
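
The two steps described in the first comment (role with a trust policy in the second account, then sts:AssumeRole from the first), as an added example that is not part of the original page or its comments. The account IDs are constructed placeholders, the helper names are hypothetical, and the trust check is simplified: it ignores `Condition` and `NotPrincipal`.

```python
def build_trust_policy(trusted_account_id: str) -> dict:
    """Trust policy for the role in the second account: only the
    developer's (first) account may call sts:AssumeRole on it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def trusted_accounts(policy: dict) -> set:
    """Return the account IDs a trust policy lets assume the role.
    A '*' in the result means any AWS principal is trusted."""
    found = set()
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        allows_assume = any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions)
        if stmt.get("Effect") != "Allow" or not allows_assume:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            found.add("*")
            continue
        if not isinstance(principal, dict):
            continue
        aws = principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            # Each entry is "*", a bare 12-digit account ID, or an ARN.
            found.add(p.split(":")[4] if p.startswith("arn:") else p)
    return found


def assume_role(role_arn: str, session_name: str, duration_seconds: int = 900) -> dict:
    """Developer side: trade first-account credentials for short-lived ones."""
    import boto3  # imported lazily so the policy helpers run without the SDK
    resp = boto3.client("sts").assume_role(
        RoleArn=role_arn,
        RoleSessionName=session_name,
        DurationSeconds=duration_seconds,  # 900 seconds is the minimum STS accepts
    )
    # Contains AccessKeyId, SecretAccessKey, SessionToken and Expiration.
    return resp["Credentials"]
```

Running `trusted_accounts` over the trust policy of an existing role is a quick review step before handing out the role ARN: the result should contain only the developer's account ID.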