AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization needs to allow applications hosted on virtual servers to access other resources without embedding credentials or using individual user identities. Which feature should be used to achieve this requirement in a secure and scalable manner?
Utilize roles that can be assumed by the applications
Group the applications into a managed policy
Assign individual user accounts to each application
Using roles is the recommended way to securely delegate permissions for applications running on virtual servers. Roles can be assumed by anyone or anything that is granted access, which eliminates the need for embedding credentials in the applications. Moreover, roles can provide temporary security credentials to applications to interact with other resources. In contrast, individual user accounts are meant for human access and embedding their credentials can be less secure and harder to manage. Groupings are used to assign permissions to multiple users, not applications. SCPs are used in organizational policies to govern permissions and are not the direct means for applications to access resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are roles in AWS and how do they work?
Open an interactive chat with Bash
What are temporary security credentials in the context of AWS roles?
Open an interactive chat with Bash
What are IAM policies and how do they relate to roles?