An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?
A) Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B) Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C) Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D) Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys

Question

Quizplus · Accepted Answer

The Answer of An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?
A) Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B) Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C) Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D) Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys

An Application Is Being Developed to Audit Several AWS Accounts