AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An enterprise with distinct departments needs to ensure managed, independent access to their cloud resources within a shared environment. The configuration should enable department-specific resource management and enforce the least privilege access principle. As a solutions architect, which option would you recommend to achieve this goal?
Set up groups corresponding to the enterprise's internal structure with attached permissions, ensuring each group's access is limited to resources necessary for their operations.
Utilize a central governance mechanism to broadly restrict services accessible by each department without individualized access controls.
Implement role-switching for different teams to grant them temporary access to other departments' resources when required.
Create separate user accounts with individualized permissions tailored to each member's role in the enterprise to manage resource access manually.
Establishing groups for each department and assigning the corresponding policies necessary for their access needs would offer the best solution. This strategy enables clear role definition and privilege segregation. Users are allocated to their respective groups, simplifying the administration and modification of permissions in adherence to their roles. The incorrect choices involve strategies that either increase management complexity without providing additional value, mismatch the scenario's requirements, or fail to offer the precise control needed for departmental resource access within a common environment.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'least privilege access principle' mean?
Open an interactive chat with Bash
How do AWS Identity and Access Management (IAM) groups work?
Open an interactive chat with Bash
What are the benefits of using IAM roles instead of individual user permissions?