The Security Team Needs to Provide a Team of Interns

The Security team needs to provide a team of interns with an AWS environment so they can build a serverless video transcoding application. The project will use Amazon S3, AWS Lambda, Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and Amazon Elastic Transcoder. The interns should be able to create and configure the necessary resources, but they may not have access to create or modify AWS IAM roles. The Solutions Architect creates a policy and attaches it to the interns' group. How should the Security team configure the environment to ensure that the interns are self-sufficient?

A) Create a policy that allows creation of project-related resources only. Create roles with required service permissions, which are assumable by the services.
B) Create a policy that allows creation of all project-related resources, including roles that allow access only to specified resources.
C) Create roles with the required service permissions, which are assumable by the services. Have the interns create and use a bastion host to create the project resources in the project subnet only.
D) Create a policy that allows creation of project-related resources only. Require the interns to raise a request for roles to be created with the Security team. The interns will provide the requirements for the permissions to be set in the role.

Correct Answer:

Verified

Unlock this answer now
Get Access to more Verified Answers free of charge

Access For Free