
Answer-first summary for fast verification
Answer:
D. Assign the IAM user to a group with a custom policy allowing only AWS CloudFormation actions.
E. Create an IAM role with permissions specific to AWS CloudFormation for stack management.
To follow the principle of least privilege, the deployment engineer should be given only the permissions their role requires. Option D assigns the IAM user to a group with a custom policy that allows only AWS CloudFormation actions, so the user has no broader access than needed. Option E creates an IAM role with permissions specific to managing AWS CloudFormation stacks, allowing for more granular control over what the engineer can do. Together, these options give the deployment engineer the minimal permissions required for their tasks, in line with security best practice.
Author: LeetQuiz Editorial Team
A deployment engineer has joined a company and will use AWS CloudFormation to manage AWS resources. To adhere to the principle of least privilege, how should the solutions architect configure access for this new role?
A. Use the AWS account root user credentials for AWS CloudFormation operations.
B. Assign the IAM user to a group with the PowerUsers policy.
C. Assign the IAM user to a group with the AdministratorAccess policy.
D. Assign the IAM user to a group with a custom policy allowing only AWS CloudFormation actions.
E. Create an IAM role with permissions specific to AWS CloudFormation for stack management.