AWS Certified Solutions Architect Associate SAA-C03 Practice Question
Your organization needs a strategy that allows software engineers to manage AWS resources in an isolated development environment without creating individual user accounts in this environment. What is the most secure and maintainable way to achieve this, adhering to AWS best practices?
Distribute individual access credentials for the isolated development environment to each software engineer.
Prohibit all direct management of resources within the isolated development environment to maintain strict security.
Create a role within the development environment with the required permissions that can be assumed by engineers from their originally authenticated accounts.
Configure a shared service account that all software engineers use to manage resources in the development environment.
Implementing a cross-account access strategy by creating a role with the necessary permissions in the development environment that can be assumed by engineers from their existing accounts is in line with AWS best practices and securely facilitates the required access. This approach centralizes user management and allows for a streamlined permission model without creating additional users in multiple accounts. Assigning unique credentials for each development account would introduce unnecessary overhead and complicates credential management. Providing a service account is not a user-centric access solution and typically does not cater to individual permissions, risking over-privileged access. Lastly, restricting access entirely defeats the purpose of the requirement and does not provide a solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is cross-account access in AWS?
Open an interactive chat with Bash
What are IAM roles and how do they work?
Open an interactive chat with Bash
Why is it best practice to avoid sharing service accounts?