A company is implementing a new AWS environment and requires an authorization strategy that supports both internal employees and external contractors. The authorization requirements for these two groups differ significantly, with internal employees needing broader access and contractors requiring more restrictive access. How would you design an authorization strategy that accommodates these differing requirements while maintaining security and compliance?

Simulated

Use AWS Managed Policies for both groups, with more restrictive policies for contractors and broader policies for employees.

25.0%

Create custom IAM roles with specific permissions for each group based on their access requirements.

25.0%

Implement a hybrid approach using both RBAC and ABAC, with RBAC defining high-level roles and ABAC handling fine-grained access control based on attributes such as group membership.

50.0%

Rotate IAM credentials frequently for contractors to minimize the risk of unauthorized access.

0.0%

AWS Certified Security - Specialty

Get started today

Comments