
Answer-first summary for fast verification
Answer: Create a new IAM role with read-only access in each member account using the OrganizationAccountAccessRole IAM role, and establish a trust relationship between these IAM roles and the security account. Instruct the security team to access the accounts using these IAM roles.
The correct answer is B. Creating a new IAM role with read-only permissions in each member account (using OrganizationAccountAccessRole to provision it) and writing a trust policy that allows the security account to assume those roles is the secure and effective solution. The security team assumes the role in each member account and receives only read-only access. This follows the standard pattern for cross-account access: the trust policy scopes who may assume the role to principals in the security account, and the permissions policy limits what they can do, so no unnecessary privileges are granted. Option A fails because IAM policies cannot be assumed and have no trust relationship; options C and D would grant the security team the full administrative access of OrganizationAccountAccessRole rather than read-only access.
Author: LeetQuiz Editorial Team
A company is utilizing AWS Organizations to manage multiple AWS accounts for various departments and requires a centralized solution for the security team to have read-only access to all these accounts. The security team has its own AWS account. What is the most effective method for a solutions architect to implement this access requirement?
A
Create a new IAM policy with read-only access in each member account using the OrganizationAccountAccessRole IAM role, and establish a trust relationship between these IAM policies and the security account. Instruct the security team to access the accounts using these IAM policies.
B
Create a new IAM role with read-only access in each member account using the OrganizationAccountAccessRole IAM role, and establish a trust relationship between these IAM roles and the security account. Instruct the security team to access the accounts using these IAM roles.
C
Direct the security team to use AWS Security Token Service (AWS STS) to call the AssumeRole API for the OrganizationAccountAccessRole IAM role in the management account from the security account, and use the temporary credentials generated to access the accounts.
D
Direct the security team to use AWS Security Token Service (AWS STS) to call the AssumeRole API for the OrganizationAccountAccessRole IAM role in each member account from the security account, and use the temporary credentials generated to access the accounts.
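The following added example (not part of the original question or the editorial explanation) builds the member-account role described in option B: a trust policy that only lets principals in the security account call sts:AssumeRole, the AWS managed ReadOnlyAccess policy for permissions, and a per-account plan noting that the role is created with credentials obtained by first assuming OrganizationAccountAccessRole. The account ids and the role name SecurityReadOnly are constructed placeholders; the findings function flags trust policies that are broader than option B requires.

```python
"""Plan and sanity-check the cross-account read-only role from option B."""
import json
from typing import List, Optional

SECURITY_ACCOUNT_ID = "111111111111"                    # constructed placeholder
MEMBER_ACCOUNT_IDS = ["222222222222", "333333333333"]    # constructed placeholders
ROLE_NAME = "SecurityReadOnly"                           # hypothetical role name
READ_ONLY_POLICY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"  # AWS managed policy


def build_trust_policy(security_account_id: str, external_id: Optional[str] = None) -> dict:
    """Trust policy for the member-account role: only principals in the
    security account may call sts:AssumeRole on it (optionally gated by ExternalId)."""
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{security_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id:
        statement["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def trust_policy_findings(policy: dict, expected_account_id: str) -> List[str]:
    """Review a trust policy; an empty list means only the security account
    may assume the role and the only permitted action is sts:AssumeRole."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        for p in ([aws] if isinstance(aws, str) else (aws or [])):
            if p == "*" or f":{expected_account_id}:" not in p:
                findings.append(f"trust grants AssumeRole to unexpected principal {p}")
        actions = stmt.get("Action")
        for a in ([actions] if isinstance(actions, str) else (actions or [])):
            if a != "sts:AssumeRole":
                findings.append(f"unexpected action {a} in trust policy")
    return findings


def plan_member_roles(member_ids: List[str], security_account_id: str, role_name: str = ROLE_NAME) -> List[dict]:
    """One create-role plan per member account. Each step would be executed with
    credentials from assuming OrganizationAccountAccessRole in that account
    (the hop the question describes); nothing is called against AWS here."""
    trust = json.dumps(build_trust_policy(security_account_id))
    return [{"account_id": acct,
             "assume_first": f"arn:aws:iam::{acct}:role/OrganizationAccountAccessRole",
             "role_name": role_name, "trust_policy": trust,
             "attach_policy_arn": READ_ONLY_POLICY_ARN} for acct in member_ids]
```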