AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
A company is transitioning its development and production environments to a new AWS Organization, establishing distinct member accounts for each environment. Consolidated billing is associated with the management account. The task at hand involves creating an IAM user within the management account that possesses the capability to halt or terminate resources across both the development and production member accounts. What strategy should be employed to fulfill this requirement?
A
Develop an IAM user and a cross-account role within the management account, ensuring the cross-account role is configured with the minimum necessary permissions to interact with the member accounts.
B
Establish an IAM user in each member account, and within the management account, devise a cross-account role with restricted access. Utilize a trust policy to allow the IAM users to assume this role.
C
Generate an IAM user in the management account, and in the member accounts, set up an IAM group with limited permissions. Include the IAM user from the management account in each of these IAM groups.
D
Forge an IAM user in the management account, and within the member accounts, craft cross-account roles with minimal access rights. Employ a trust policy to enable the IAM user to assume these roles.