Answer-first summary for fast verification
Answer: Customers should set up an IAM role with read access to EC2 and CloudWatch, and configure trust for the company's account.
The most secure way for the company to access customer AWS accounts is by having customers create an IAM role in their account with the necessary read-only permissions for EC2 and CloudWatch, and configure a trust policy to the company's account. This method ensures that access is controlled and audited by the customers, and it leverages temporary credentials that can be rotated and managed via AWS IAM securely. Storing long-term credentials or using less integrated solutions like Amazon Cognito would be less secure.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How should a company securely access customer AWS accounts to monitor EC2 instances and CloudWatch metrics for a new service feature?
A
Customers should set up an IAM role with read access to EC2 and CloudWatch, and configure trust for the company's account.
B
Implement a serverless API to issue temporary credentials for a role with read access to EC2 and CloudWatch.
C
Customers should create an IAM user with read access to EC2 and CloudWatch, with keys managed securely in a secrets manager.
D
Customers should establish an Amazon Cognito user linked to an IAM role with read access to EC2 and CloudWatch, with credentials stored securely.
No comments yet.