AWS Certified Security - Specialty


A company employs SAML federation for user access to AWS accounts. Their workload, hosted in a separate AWS account, operates on immutable infrastructure without direct human access to Amazon EC2 instances. In the event of SAML errors, a designated 'break glass' user is required to access the workload account and instances. An audit revealed the absence of such a user in the workload account. The company needs to establish this user and ensure all their activities are logged and reported to the security team. Which two solutions would effectively meet these requirements?