AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your organization maintains a centralized directory service for authentication and is looking to unify credentials across on-premises and cloud-based resources. To streamline this process and allow users to access the AWS Management Console with their existing corporate credentials, which service should you implement?
Set up a service that handles Single Sign-On (SSO) capabilities with a connection to the existing corporate directory services.
Use a hierarchical management console to group accounts and require sign-in via organization units (OUs).
Deploy a threat detection service that analyzes security findings to govern user access permissions.
Create gateway endpoints in a virtual private cloud (VPC) to allow password synchronization with cloud services.
The service is designed to link a corporate directory directly to the AWS environment, enabling users to log in to the AWS Management Console or perform API operations with their existing company credentials. This mitigates the necessity of creating individual IAM users for each person in the company. Instead, it allows automatic role assumption based on the corporate directory's group memberships. Other listed services don't offer direct federation capabilities with a corporate directory. Although gateway endpoints can restrict access to certain AWS services, they do not provide identity federation. GuardDuty is a monitoring service focused on security and does not deal with identity management. Organizations primarily manage account hierarchies and have no direct mechanism for directory service federation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Single Sign-On (SSO) and how does it work?
Open an interactive chat with Bash
What is a corporate directory service, and how does it relate to AWS?
Open an interactive chat with Bash
What are IAM roles and how do they interact with corporate directory groups?