
SOA-C02 Exam - Question 350


A company is managing multiple AWS accounts in AWS Organizations. The company is reviewing internal security of its AWS environment. The company’s security administrator has their own AWS account and wants to review the VPC configuration of developer AWS accounts.

Which solution will meet these requirements in the MOST secure manner?

Correct Answer: D

The most secure way to allow the security administrator to review the VPC configuration of developer AWS accounts is by creating an IAM policy in each developer account that provides read-only access to VPC resources and assigning this policy to a cross-account IAM role. The security administrator can then assume this role from their own account. This method ensures the principle of least privilege by granting only the necessary permissions and avoids the security risks associated with sharing user credentials.
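The two policy documents behind answer D, as an added example that is not part of the original page. It builds the read-only VPC permissions policy and the cross-account trust policy, then checks both for the properties that make the setup least-privilege: no write or wildcard actions, and a trust relationship scoped to a single named account rather than an open principal. The account IDs and role name are constructed placeholders, the list of `ec2:Describe*` actions is an assumed selection, and the MFA condition on the trust policy is an added hardening assumption, not something the question requires.

```python
"""Build and validate a cross-account, read-only VPC review role.

Added example for the exam answer above; it constructs and checks the policy
documents locally and never calls AWS. Account IDs, the role name and the
action list are constructed placeholders / assumptions.
"""

SECURITY_ACCOUNT_ID = "111111111111"   # constructed placeholder: security admin's account
DEVELOPER_ACCOUNT_ID = "222222222222"  # constructed placeholder: one developer account
ROLE_NAME = "VpcReadOnlyReviewRole"    # assumed role name, created in each developer account

# Assumed selection of read-only EC2 actions that cover VPC configuration.
VPC_READ_ACTIONS = [
    "ec2:DescribeVpcs",
    "ec2:DescribeSubnets",
    "ec2:DescribeRouteTables",
    "ec2:DescribeSecurityGroups",
    "ec2:DescribeSecurityGroupRules",
    "ec2:DescribeNetworkAcls",
    "ec2:DescribeInternetGateways",
    "ec2:DescribeNatGateways",
    "ec2:DescribeVpcEndpoints",
    "ec2:DescribeVpcPeeringConnections",
    "ec2:DescribeFlowLogs",
]

READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def permissions_policy(actions=VPC_READ_ACTIONS):
    """Identity policy attached to the role in the developer account (answer D)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "VpcReadOnly", "Effect": "Allow", "Action": list(actions), "Resource": "*"}
        ],
    }


def trust_policy(security_account_id, require_mfa=True):
    """Trust policy letting only the security account assume the role.

    The MFA condition is an added hardening assumption (not in the question).
    """
    statement = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{security_account_id}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        statement["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [statement]}


def non_read_only_actions(policy):
    """Return every allowed action that is not read-only; wildcards count as violations."""
    violations = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            _service, _, name = action.partition(":")
            if "*" in action or not name.startswith(READ_ONLY_PREFIXES):
                violations.append(action)
    return violations


def trusted_principals(policy):
    """Collect the AWS principals a trust policy allows to assume the role."""
    principals = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        if isinstance(aws, str):
            aws = [aws]
        principals.extend(aws)
    return principals


def trust_is_scoped(policy):
    """True only if every trusted principal is a specific IAM ARN, never '*'."""
    principals = trusted_principals(policy)
    return bool(principals) and all(p != "*" and p.startswith("arn:aws:iam::") for p in principals)


def assume_role_command(developer_account_id, role_name=ROLE_NAME):
    """The command the security administrator runs from their own account."""
    return (
        f"aws sts assume-role --role-arn arn:aws:iam::{developer_account_id}:role/{role_name} "
        f"--role-session-name vpc-review"
    )


if __name__ == "__main__":
    import json
    print(json.dumps(permissions_policy(), indent=2))
    print(json.dumps(trust_policy(SECURITY_ACCOUNT_ID), indent=2))
    print("non-read-only actions:", non_read_only_actions(permissions_policy()))
    print("trust scoped:", trust_is_scoped(trust_policy(SECURITY_ACCOUNT_ID)))
    print(assume_role_command(DEVELOPER_ACCOUNT_ID))
```

Running the checks against a deliberately broad policy (for instance one allowing `ec2:*`) makes the validator report the wildcard, which is the point of deploying the role only after a check like this: the role in each developer account stays read-only, and the trust policy names exactly one account, so no long-lived user credentials cross account boundaries.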

Discussion

12 comments
[Removed]
Jul 10, 2023

The most secure way for the security administrator to review the VPC configuration of developer AWS accounts would be to create an IAM policy in each developer account that has read-only access related to VPC resources and assign the policy to a cross-account IAM role. The security administrator can then assume the role from their own account to review the VPC configuration. This approach avoids sharing user credentials and provides the security administrator with the necessary permissions to review the VPC configuration without granting unnecessary access. So, the correct answer would be D. Create an IAM policy in each developer account that has read-only access related to VPC resources. Assign the policy to a cross-account IAM role. Ask the security administrator to assume the role from their account.

seifskl (Option: D)
Sep 8, 2023

The most secure way to provide access between AWS accounts is by using IAM roles with cross-account access. And also, the security administrator only needs read-only access to review the VPC configuration.

LudiVoss (Option: D)
Jan 10, 2024

D because I am D best admin in the world right now.

Christina666 (Option: D)
Jul 29, 2023

d..........

[Removed] (Option: D)
Aug 4, 2023

When you set permissions with IAM policies, grant only the permissions required to perform a task. You do this by defining the actions that can be taken on specific resources under specific conditions, also known as least-privilege permissions. https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html

kevino81 (Option: D)
Jun 29, 2023

The security administrator has their own AWS account, so you should use cross-account access and read-only permissions to follow the least-privilege principle.

Pete987 (Option: D)
Jun 30, 2023

D is the answer

guau
Jul 2, 2023

D, AWS = AlWays aSume the role

tex23
Jul 7, 2023

Answer C; a dev account with read-only access to VPC is ok whereas a dev account with admin access to VPC requires review.

tex23 (Option: C)
Jul 7, 2023

Answer C; a dev account with read-only access to VPC is ok whereas a dev account with admin access to VPC requires review.

james2033 (Option: D)
Jul 5, 2024

A, D --> read-only access. D: cross-account IAM role --> Choose D.

james2033 (Option: D)
Jul 5, 2024

read-only --> A, D. Assign policy to an IAM user --> remove A. Choose D.