A developer is creating a proof of concept for a new software as a service (SaaS) application. The application is in a shared development AWS account that is part of an organization in AWS Organizations. The developer needs to create service-linked IAM roles for the AWS services that are being considered for the proof of concept. The solution needs to give the developer the ability to create and configure the service-linked roles only. Which solution will meet these requirements?

Topic #: - All AWS Certified DevOps Engineer - Professional DOP-C02 Questions

A. Create an IAM user for the developer in the organization’s management account. Configure a cross-account role in the development account for the developer to use. Limit the scope of the cross-account role to common services.
B. Add the developer to an IAM group. Attach the PowerUserAccess managed policy to the IAM group. Enforce multi-factor authentication (MFA) on the user account.
C. Add an SCP to the development account in Organizations. Configure the SCP with a Deny rule for iam:* to limit the developer’s access.
D. Create an IAM role that has the necessary IAM access to allow the developer to create policies and roles. Create and attach a permissions boundary to the role. Grant the developer access to assume the role.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion