Topic 1 Question 81
A company uses AWS Organizations. The company wants to implement short-term credentials for third-party AWS accounts to use to access accounts within the company's organization. Access is for the AWS Management Console and third-party software-as-a-service (SaaS) applications. Trust must be enhanced to prevent two external accounts from using the same credentials. The solution must require the least possible operational effort.
Which solution will meet these requirements?
A. Use bearer token authentication with OAuth or SAML to manage and share a central Amazon Cognito user pool across multiple Amazon API Gateway APIs.
B. Implement AWS IAM Identity Center (AWS Single Sign-On), and use an identity source of choice. Grant access to users and groups from other accounts by using permission sets that are assigned by account.
C. Create a unique IAM role for each external account. Create a trust policy. Use AWS Secrets Manager to create a random external key.
D. Create a unique IAM role for each external account. Create a trust policy that includes a condition that uses the sts:ExternalId condition key.
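As an added example (not part of the original question or its comments), the Python below builds the per-account trust policy that option D describes and runs a toy evaluator over it to show why a missing or mismatched ExternalId, or a different calling account, is refused; the account IDs and external ID strings are constructed, and the evaluator models only the Principal and StringEquals checks, not IAM's full policy logic.

```python
import json
from typing import Optional

def trust_policy_for(external_account_id: str, external_id: str) -> dict:
    """Build a role trust policy that lets one third-party account assume the
    role only when it presents the agreed-upon sts:ExternalId (option D)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{external_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def assume_role_allowed(policy: dict, caller_account_id: str,
                        external_id: Optional[str]) -> bool:
    """Toy evaluator (assumption: simplified, not IAM's real engine): the caller's
    account must match the Principal, and every StringEquals condition must match
    the request context. A missing ExternalId leaves the key absent, so it fails."""
    caller_arn = f"arn:aws:iam::{caller_account_id}:root"
    context = {"sts:ExternalId": external_id}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        principals = stmt["Principal"]["AWS"]
        if isinstance(principals, str):
            principals = [principals]
        if caller_arn not in principals:
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        if all(context.get(key) == value for key, value in conditions.items()):
            return True
    return False

# Constructed sample values: two SaaS vendors, each with its own role and ExternalId.
VENDOR_A = ("111111111111", "vendor-a-ext-id-9f3c")
VENDOR_B = ("222222222222", "vendor-b-ext-id-71aa")
POLICY_A = trust_policy_for(*VENDOR_A)
POLICY_B = trust_policy_for(*VENDOR_B)

if __name__ == "__main__":
    print(json.dumps(POLICY_A, indent=2))
    print(assume_role_allowed(POLICY_A, "111111111111", "vendor-a-ext-id-9f3c"))  # True
    print(assume_role_allowed(POLICY_A, "111111111111", None))                    # False
    print(assume_role_allowed(POLICY_A, "222222222222", "vendor-a-ext-id-9f3c"))  # False
```

Because each external account gets its own role and its own ExternalId, vendor B cannot reuse vendor A's credentials even if it learns vendor A's ExternalId, which is the "prevent two external accounts from using the same credentials" requirement in the question.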
User votes
Comments (10)
- Selected answer: D
  👍 3 kejam 2023/11/30
- Selected answer: D
  D will do it. The rest are distractors / incorrect.
  👍 2 [Removed] 2023/11/24
- Selected answer: D
  What is an external ID: An external ID is a unique identifier that is managed by a third-party identity provider (IdP). It's used to verify the identity of a user without requiring them to have an AWS IAM account.
  Creating a role with an external ID:
  You can create a role in your AWS account and specify an external ID source (e.g., SAML provider, OIDC provider). You can define trust relationships between the role and the external IdP. This ensures that only authorized users with the correct external ID can assume the role. You can attach IAM policies to the role to grant specific permissions to access AWS resources.
  👍 2 WeepingMaplte 2023/12/16