A company is seeking a scalable solution for managing multi-account authentication and authorization within AWS, utilizing only native AWS services. AWS Organizations is fully activated, and AWS IAM Identity Center (formerly AWS Single Sign-On) is enabled. What should the security engineer do next to finalize the setup for employee access across multiple AWS accounts?

Exam-Like

Use AD Connector to create users and groups for all employees needing AWS access. Assign these groups to specific AWS accounts and link them to IAM roles based on job functions and access needs. Direct employees to use the AWS Directory Service user portal for access.

0.0%

Employ the IAM Identity Center default directory to create users and groups for all employees needing AWS access. Assign these groups to specific AWS accounts and link them to permission sets based on job functions and access needs. Instruct employees to use the IAM Identity Center user portal for access.

100.0%

Utilize the IAM Identity Center default directory to create users and groups for all employees needing AWS access. Link these groups to existing IAM users across all accounts to inherit permissions. Guide employees to use the IAM Identity Center user portal for access.

0.0%

Set up AWS Directory Service for Microsoft Active Directory to create users and groups for all employees needing AWS access. Enable AWS Management Console access within the directory and specify IAM Identity Center as the source for integrated accounts and permission sets. Instruct employees to use the AWS Directory Service user portal for access.

0.0%

AWS Certified Security - Specialty

Get started today

Comments