A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS infrastructure. Which of the following solutions would provide the MOST scalable solution?
A) Create dedicated IAM users within each AWS account that employees can assume through federation based upon group membership in their existing identity provider.
B) Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Use cross-account roles to allow the federated users to assume their target role in the resource accounts.
C) Configure the AWS Security Token Service to use Kerberos tokens so that users can use their existing corporate user names and passwords to access AWS resources directly.
D) Configure the IAM trust policies within each account's role to set up a trust back to the corporation's existing identity provider, allowing users to assume the role based off their SAML token.