Topic 1 Question 161
A company uses AWS Organizations. The company has more than 100 AWS accounts and will increase the number of accounts. The company also uses an external corporate identity provider (IdP).
The company needs to provide users with role-based access to the accounts. The solution must maximize scalability and operational efficiency.
Which solution will meet these requirements?
In each account, create a set of dedicated IAM users. Ensure that all users assume these IAM users through federation with the existing IdP.
Deploy an IAM role in a central identity account. Allow users to assume the role through federation with the existing IdP. In each account, deploy a set of IAM roles that match the desired access patterns. Include a trust policy that allows access from the central identity account. Edit the permissions policy for the role in each account to match user access requirements.
Enable AWS IAM Identity Center. Integrate IAM Identity Center with the company's existing IdP. Create permission sets that match the desired access patterns. Assign permissions to match user access requirements.
In each account, deploy a set of IAM roles that match the desired access patterns. Create a trust policy with the existing IdP. Update each role's permissions policy to use SAML-based IAM condition keys that are based on user access requirements.
ユーザの投票
コメント(7)
C - Option B involves a more complex and less scalable setup. Option C, on the other hand, offers a centralized, scalable, and efficient solution for managing role-based access across a large and growing number of AWS accounts. The use of AWS IAM Identity Center simplifies the integration with external IdPs and provides a streamlined approach to managing permissions, making it the preferred choice for maximizing scalability and operational efficiency.
👍 3PegasusForever2024/06/16- 正解だと思う選択肢: C
This solution provides centralized management, reducing operational overhead. IAM Identity Center (AWS Single Sign-On) scales easily across multiple accounts and integrates well with external IdPs. It allows for centralized creation and management of permission sets, ensuring efficient and secure role-based access.
👍 3RaniaSaeedB2024/06/21 - 正解だと思う選択肢: C
C is correct.
👍 3Arad2024/06/29
シャッフルモード