
In an AWS environment utilizing AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On), a security engineer is tasked with creating a custom permission set that includes an AWS managed policy and a customer managed policy. This permission set is intended to be used across multiple AWS accounts. However, when attempting to assign this permission set to an IAM Identity Center user who has access to multiple accounts, the assignment process fails. The security engineer, who has full administrative permissions and is operating in the management account, needs to resolve this issue. What corrective action should the security engineer take to successfully assign the permission set?
A. Create the customer managed policy in every account where the permission set is assigned. Give the customer managed policy the same name and same permissions in each account.
B. Remove either the AWS managed policy or the customer managed policy from the permission set. Create a second permission set that includes the removed policy. Apply the permission sets separately to the user.
C. Evaluate the logic of the AWS managed policy and the customer managed policy. Resolve any policy conflicts in the permission set before deployment.
D. Do not add the new permission set to the user. Instead, edit the user's existing permission set to include the AWS managed policy and the customer managed policy.