A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS Infrastructure. Which of the following solutions would provide the MOST scalable solution?

Topic #: - All AWS Certified Security - Specialty Questions

A. Create dedicated IAM users within each AWS account that employees can assume though federation based upon group membership in their existing identity provider.
B. Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Use cross-account roles to allow the federated users to assume their target role in the resource accounts.
C. Configure the AWS Security Token Service to use Kerberos tokens so that users can use their existing corporate user names and passwords to access AWS resources directly.
D. Configure the IAM trust policies within each account’s role to set up a trust back to the corporation’s existing identity provider, allowing users to assume the role based off their SAML token.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS Infrastructure. Which of the following solutions would provide the MOST scalable solution?

Suggested Answer:

Share this post

Join the Discussion