Topic 1 Question 309
(Choose three.)
A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies.
A solutions architect needs to allow an IAM user in Account A to assume a role in Account B.
Which combination of steps must the solutions architect take to meet this requirement?
A) Configure the SCP for Account A to allow the action.
B) Configure the resource-based policies to allow the action.
C) Configure the identity-based policy on the user in Account A to allow the action.
D) Configure the identity-based policy on the user in Account B to allow the action.
E) Configure the trust policy on the target role in Account B to allow the action.
F) Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.
Comments (12)
Answer: C, E, F Attach a policy to the IAM user in Account A > Trust Policy in Account B > GetSessionToken API operation
👍 7 airgead 2023/10/28
- Selected answer: CEF
SCPs should not have to do anything with this
👍 3 KungLjao 2023/10/29
- Selected answer: BCE
- C) Attach an identity-based policy to the IAM user in Account A (allowed to assume IAM role in Account B)
- E) Configure the trust policy on the target role in Account B (accountID of the trusted account which is Account A)
- B) Configure a resource-based policy which allows certain actions on resources which reside in Account B
reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
👍 3 Andres123456 2023/11/07
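
The two policy documents that a cross-account `sts:AssumeRole` call depends on, with a simplified checker that requires an allow on both sides. This is an added example, not part of the question or of any comment above. The account IDs, user name and role name are constructed, and the checker is an assumption-laden model: it matches ARNs exactly, expects the `{"AWS": ...}` principal form, and does not model conditions, SCPs, permissions boundaries or session policies.

```python
import json

# Constructed sample values; the account IDs, user and role names are hypothetical.
ACCOUNT_A, ACCOUNT_B = "111111111111", "222222222222"
USER_ARN = f"arn:aws:iam::{ACCOUNT_A}:user/alice"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_B}:role/CrossAccountRole"

# Identity-based policy attached to the IAM user in Account A.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": ROLE_ARN}]}

# Trust policy on the target role in Account B; the account root principal
# delegates the decision to Account A's identity-based policies.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_A}:root"}}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _assume_statements(policy, effect):
    """Statements with the given Effect that cover sts:AssumeRole."""
    wanted = {"sts:AssumeRole", "sts:*", "*"}
    return [s for s in _as_list(policy["Statement"])
            if s["Effect"] == effect and wanted & set(_as_list(s["Action"]))]

def _decide(policy, matches):
    """Explicit Deny wins; otherwise at least one matching Allow is needed."""
    if any(matches(s) for s in _assume_statements(policy, "Deny")):
        return False
    return any(matches(s) for s in _assume_statements(policy, "Allow"))

def identity_side_allows(policy, role_arn):
    return _decide(policy, lambda s: bool({"*", role_arn} & set(_as_list(s["Resource"]))))

def trust_side_allows(policy, user_arn):
    account = user_arn.split(":")[4]
    accepted = {user_arn, account, f"arn:aws:iam::{account}:root"}
    return _decide(policy, lambda s: bool(accepted & set(_as_list(s["Principal"]["AWS"]))))

def can_assume(identity_policy, trust_policy, user_arn, role_arn):
    """Cross-account: the caller's policy AND the role's trust policy must allow."""
    return (identity_side_allows(identity_policy, role_arn)
            and trust_side_allows(trust_policy, user_arn))

if __name__ == "__main__":
    print(json.dumps(TRUST_POLICY, indent=2))
    print("assume allowed:", can_assume(IDENTITY_POLICY, TRUST_POLICY, USER_ARN, ROLE_ARN))
```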