AWS Certified Solutions Architect - Associate



A company is launching an application with metrics displayed on an Amazon CloudWatch dashboard. The product manager, lacking an AWS account, requires periodic access following the principle of least privilege. What is the appropriate solution for granting access?




Explanation:

The correct option is B because creating an IAM user ensures that access is granted following the principle of least privilege. By assigning the CloudWatchReadOnlyAccess AWS managed policy to the user, the product manager is granted the necessary permissions to view the CloudWatch dashboard without any additional access they do not need. Option A, while convenient, does not align with AWS best practices since directly sharing dashboards via email does not provide granular access control. Options C and D provide more permissions or complexity than required, thus not adhering to the principle of least privilege.