Answer-first summary for fast verification
Answer: Establish cross-account IAM roles with trust policies allowing the application's role to assume access for DynamoDB table permissions.
The most secure and scalable option is to use IAM roles with cross-account access control. In each business account, create an IAM role (BU_ROLE) with a policy that grants access to the DynamoDB table and a trust policy that allows a specific role in the inventory application account to assume it. In the inventory account, create a role (APP_ROLE) with permissions to call the STS AssumeRole API. This method leverages the security best practices of temporary security credentials and cross-account access, minimizing the need for long-term access keys or secrets, and aligns well with AWS security principles.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a retail company organized across multiple AWS accounts, each with its own DynamoDB table for inventory tracking, a central application in a shared account must securely access these tables. What is the most secure authentication method to implement?
A
Use AWS Secrets Manager in the application's account for DynamoDB integration, with scheduled 30-day rotations.
B
Assign IAM users in each business account for programmatic access, with manual 30-day key rotations.
C
Establish cross-account IAM roles with trust policies allowing the application's role to assume access for DynamoDB table permissions.
D
Utilize AWS Certificate Manager for identity certificates to authenticate DynamoDB access.
No comments yet.