Examice

Exam SCS-C02 All QuestionsBrowse all questions from this exam

Question 161

A company uses AWS Organizations. The company has more than 100 AWS accounts and will increase the number of accounts. The company also uses an external corporate identity provider (IdP).

The company needs to provide users with role-based access to the accounts. The solution must maximize scalability and operational efficiency.

Which solution will meet these requirements?

In each account, create a set of dedicated IAM users. Ensure that all users assume these IAM users through federation with the existing IdP.

Deploy an IAM role in a central identity account. Allow users to assume the role through federation with the existing IdP. In each account, deploy a set of IAM roles that match the desired access patterns. Include a trust policy that allows access from the central identity account. Edit the permissions policy for the role in each account to match user access requirements.

Enable AWS IAM Identity Center. Integrate IAM Identity Center with the company's existing IdP. Create permission sets that match the desired access patterns. Assign permissions to match user access requirements.

In each account, deploy a set of IAM roles that match the desired access patterns. Create a trust policy with the existing IdP. Update each role's permissions policy to use SAML-based IAM condition keys that are based on user access requirements.

Correct Answer: C

The most scalable and operationally efficient solution is to enable AWS IAM Identity Center (AWS Single Sign-On) and integrate it with the company's existing IdP. This approach centralizes the management of role-based access and permission sets across multiple AWS accounts, ensuring that the solution can easily scale as the number of accounts increases. It simplifies user access management by allowing centralized creation and assignment of permission sets that match the desired access patterns, reducing the operational overhead associated with managing individual IAM roles or users in each account.

Discussion

AradOption: C

C is correct.

RaniaSaeedBOption: C

This solution provides centralized management, reducing operational overhead. IAM Identity Center (AWS Single Sign-On) scales easily across multiple accounts and integrates well with external IdPs. It allows for centralized creation and management of permission sets, ensuring efficient and secure role-based access.

PegasusForever

C - Option B involves a more complex and less scalable setup. Option C, on the other hand, offers a centralized, scalable, and efficient solution for managing role-based access across a large and growing number of AWS accounts. The use of AWS IAM Identity Center simplifies the integration with external IdPs and provides a streamlined approach to managing permissions, making it the preferred choice for maximizing scalability and operational efficiency.

kupo777

C is correct. Choice B is too operationally inefficient to realize given that there are over 100 AWS accounts and the number of accounts will grow.

cumzle_comOption: B

key word : The company needs to provide users with role-based access to the accounts

aescudero51Option: B

Answer is B A. Dedicated IAM Users: This creates a massive number of identities to manage, becoming cumbersome and error-prone as the number of accounts increases. C. IAM Identity Center: While IAM Identity Center offers centralized management, it's a separate service that might introduce additional complexity in this scenario. D. SAML-based IAM condition keys: While this allows for fine-grained access control, it can become complex to manage permissions policies for a large number of roles across accounts. Therefore, option B provides the best balance between scalability, operational efficiency, and leveraging existing infrastructure for user access control.