
AnyCompany uses AWS Organizations to manage multiple AWS accounts. Upon acquiring Example Corp, the latter's AWS account was integrated into AnyCompany's management account via an Organizations invitation. The new member account was subsequently placed under an Organizational Unit (OU) specifically designated for Example Corp. A DevOps engineer at AnyCompany has an IAM user that assumes the OrganizationAccountAccessRole IAM role, which is configured with a policy granting full access, to access member accounts. However, when attempting to assume this role in Example Corp's new member account through the AWS Management Console, the engineer encounters an error message stating, "Invalid information in one or more fields. Check your information or contact your administrator." What corrective action should be taken to enable the DevOps engineer to access Example Corp's new member account?
A
In the management account, grant the DevOps engineer's IAM user permission to assume the OrganizationAccountAccessRole IAM role in the new member account.
B
In the management account, create a new Service Control Policy (SCP). Within the SCP, grant the DevOps engineer's IAM user full access to all resources in the new member account. Attach the SCP to the OU containing the new member account.
C
In the new member account, create a new IAM role named OrganizationAccountAccessRole. Attach the AdministratorAccess AWS managed policy to this role. In the role's trust policy, grant the management account permission to assume the role.
D
In the new member account, edit the trust policy for the existing OrganizationAccountAccessRole IAM role. Update the trust policy to grant the management account permission to assume the role.