
Answer-first summary for fast verification
Answer: Forge an IAM user in the management account, and within the member accounts, craft cross-account roles with minimal access rights. Employ a trust policy to enable the IAM user to assume these roles.
The most suitable and secure approach involves creating an IAM user in the management account and then setting up cross-account roles in the member accounts with the least privilege access necessary to perform the desired actions. The IAM user in the management account can then be granted access to these roles via a trust policy. This method ensures centralized management of user credentials while allowing necessary actions across different accounts, thereby meeting the requirement effectively.
Author: LeetQuiz Editorial Team
A company is transitioning its development and production environments to a new AWS Organization, establishing distinct member accounts for each environment. Consolidated billing is associated with the management account. The task at hand involves creating an IAM user within the management account that possesses the capability to halt or terminate resources across both the development and production member accounts. What strategy should be employed to fulfill this requirement?
A. Develop an IAM user and a cross-account role within the management account, ensuring the cross-account role is configured with the minimum necessary permissions to interact with the member accounts.
B. Establish an IAM user in each member account, and within the management account, devise a cross-account role with restricted access. Utilize a trust policy to allow the IAM users to assume this role.
C. Generate an IAM user in the management account, and in the member accounts, set up an IAM group with limited permissions. Include the IAM user from the management account in each of these IAM groups.
D. Forge an IAM user in the management account, and within the member accounts, craft cross-account roles with minimal access rights. Employ a trust policy to enable the IAM user to assume these roles.