
Answer: Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups
## Explanation

The correct answer is **C** because:

1. **IAM Groups with Policies**: IAM groups are specifically designed to manage permissions for multiple users. By creating an IAM policy with least privilege permissions and attaching it to IAM groups, you ensure that all users in those groups inherit the same permissions.
2. **Least Privilege Principle**: Creating a policy with least privilege permission ensures users only have the minimum permissions needed to perform their job functions, which is a fundamental security best practice.
3. **Why not other options**:
   - **A**: Service Control Policies (SCPs) are used in AWS Organizations to set maximum permissions for accounts in an organization, not for managing individual user permissions within IAM.
   - **B**: IAM roles are not attached to IAM groups. Roles are assumed by users, services, or applications, not attached to groups. This approach is incorrect.
   - **D**: While permissions boundaries can define maximum permissions, this approach creates unnecessary complexity. Permissions boundaries are typically used for delegated administration scenarios, not for standard user permission management through groups.
4. **Best Practice**: The standard AWS security best practice is to:
   - Create IAM groups based on job functions or departments
   - Create IAM policies with least privilege permissions
   - Attach those policies to the groups
   - Add users to the appropriate groups

This approach is scalable, maintainable, and follows the principle of least privilege while leveraging AWS's built-in group management capabilities.
Author: LeetQuiz Editorial Team
A company is expecting rapid growth in the near future. A solutions architect needs to configure existing users and grant permissions to new users on AWS. The solutions architect has decided to create IAM groups. The solutions architect will add the new users to IAM groups based on department.
Which additional action is the MOST secure way to grant permissions to the new users?
- **A**: Apply service control policies (SCPs) to manage access permissions
- **B**: Create IAM roles that have least privilege permission. Attach the roles to the IAM groups
- **C**: Create an IAM policy that grants least privilege permission. Attach the policy to the IAM groups
- **D**: Create IAM roles. Associate the roles with a permissions boundary that defines the maximum permissions