
A company utilizing AWS Organizations seeks to implement short-term credentials for third-party AWS accounts to access its organization's accounts. The access requirements include the AWS Management Console and third-party SaaS applications. To enhance trust and security, the solution must prevent two external accounts from using the same credentials. Additionally, the solution should be efficient in terms of operational effort. Which of the following solutions meets these criteria?
A
Use bearer token authentication with OAuth or SAML to manage and share a central Amazon Cognito user pool across multiple Amazon API Gateway APIs.
B
Implement AWS IAM Identity Center (AWS Single Sign-On), and use an identity source of choice. Grant access to users and groups from other accounts by using permission sets that are assigned by account.
C
Create a unique IAM role for each external account. Create a trust policy using AWS Secrets Manager to create a random external key.
D
Create a unique IAM role for each external account. Create a trust policy that includes a condition that uses the sts:ExternalId condition key.