Topic 1 Question 222
A company is planning to create an organization by using AWS Organizations. The company needs to integrate user management with the company’s external identity provider (IdP). The company also needs to centrally manage access to all of its AWS accounts and applications from the organization’s management account.
Which solution will meet these requirements?
A. Configure AWS Directory Service with the external IdP. Create IAM policies and associate them with users from the external IdP.
B. Enable AWS IAM Identity Center and use the external IdP as the identity source. Create permission sets and account assignments by using IAM Identity Center.
C. Configure AWS Identity and Access Management (IAM) to use the external IdP as an IdP. Create IAM policies and associate them with users from the external IdP.
D. Enable Amazon Cognito in the organization’s management account. Create an identity pool and associate it with the external IdP. Create IAM roles and associate them with the identity pool.
Comments (4)
- Selected answer: B
The best solution for integrating user management with an external identity provider (IdP) and centrally managing access to all AWS accounts and applications is B. Enable AWS IAM Identity Center and use the external IdP as the identity source. Create permission sets and account assignments by using IAM Identity Center.
AWS IAM Identity Center (formerly AWS Single Sign-On) allows you to connect your external IdP, such as Okta or Microsoft Entra ID, using SAML 2.0 or SCIM protocols. This setup enables centralized management of user access across all AWS accounts and applications within your organization.
👍 2 IPLogic 2024/12/05
- Selected answer: D
D is more scalable
👍 1 jdx000 2024/11/27
- Selected answer: B
Amazon Cognito is intended for managing access to user-facing applications, not for centralized management of AWS accounts and resources in an organization, so D doesn't work.
👍 1 HappyG 2024/11/30