AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your organization is expanding and now consists of multiple departments, each with its own dedicated cloud account. The security team needs to perform audits on storage containers located in these various accounts. Which approach would streamline permissions management and allow the necessary access?
Implement network peering to allow the security team's account unrestricted access to storage across all departments.
Create a role in each department's account with the right to audit the storage containers, and grant the central security audit team the ability to assume this role.
Onboard each security team member as a user into every department's account and grant them individual permissions to audit storage.
Set up a centralized identity service that the security team uses to authenticate directly into each department's cloud services.
Setting up a role within each department's account with the appropriate permissions to access the storage containers, then allowing the central security team's account to assume this role, is the best solution. This approach consolidates access management within the security team's primary account and leverages role assumption to grant access where necessary. It avoids the complications of directly managing user permissions in every department's account, which becomes difficult to maintain at scale. Using a centralized identity service can be useful for other scenarios but may be overcomplicated for this situation, and is not the best solution on its own for resource access. Network peering is irrelevant to access management as it pertains to networking, not authorization.