
Answer-first summary for fast verification
Answer: Delegate access by creating an IAM role in the company's account for the vendor's IAM role and attaching necessary policies.
The correct answer is A. By creating an IAM role in the company's AWS account and delegating access to the vendor's IAM role, the company can ensure that the vendor's automated tool can assume the necessary role and obtain the required permissions. This approach adheres to AWS best practices for cross-account access, as it allows the vendor to use their existing IAM role and leverages the principle of least privilege by creating a dedicated role with specific permissions in the company's account. Other options like creating an IAM user (B) or group (C) are not as secure or scalable and may not align with AWS best practices. Option D is not applicable in this context as it is used for federated identities.
Author: LeetQuiz Editorial Team
How should a solutions architect grant an external vendor access to perform work in the company's AWS account, given the vendor's automated tool is hosted in their own AWS account and they lack IAM access?
A. Delegate access by creating an IAM role in the company's account for the vendor's IAM role and attaching necessary policies.
B. Create an IAM user in the company's account with a strong password and attach necessary policies.
C. Form an IAM group in the company's account, include the vendor's tool's IAM user, and attach necessary policies.
D. Establish a new identity provider in the IAM console using 'AWS account' type, input the vendor's account ID and username, and attach necessary policies.