Topic 1 Question 34
A company uses identity federation to authenticate users into an identity account (987654321987) where the users assume an IAM role named IdentityRole. The users then assume an IAM role named JobFunctionRole in the target AWS account (123456789123) to perform their job functions. A user is unable to assume the IAM role in the target account. The policy attached to the role in the identity account is:
What should be done to enable the user to assume the appropriate role in the target account?Update the IAM policy attached to the role in the identity account to be:
Update the trust policy on the role in the target account to be:
Update the trust policy on the role in the identity account to be:
Update the IAM policy attached to the role in the target account to be:
ユーザの投票
コメント(8)
- 正解だと思う選択肢: B
When an user is unable to assume a role in the target account, one should check the principal element in the trust policy in the JobFunctionRole in the target account. Refer to this article to understand permission vs trust policies. https://www.linkedin.com/pulse/permission-policy-vs-trust-aws-rupesh-tiwari/
👍 5Daniel762023/12/01 Correct Answer is B
👍 3kk20002023/10/07- 正解だと思う選択肢: B
Answer B In IAM roles, use the Principal element in the role trust policy to specify who can assume the role. https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html
👍 3kejam2023/11/09
シャッフルモード