A large company has hundreds of AWS accounts. The company needs to provide its employees with access to these accounts. The solution must maximize scalability and operational efficiency. Which solution meets these requirements?
A) With each AWS account, create dedicated IAM users that employees can assume through federation based upon group membership in their existing identity provider.
B) Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Create a custom authorizer by using AWS SDK to give federated users the ability to assume their target role in the resource accounts.
C) Implement AWS Control Tower for multi-account management by integrating AWS Single Sign-On with the company's existing identity provider. Create IAM roles for the identity provider to assume.
D) Configure the IAM trust policies within each account's role to set up a trust back to the company's existing identity provider. Allow users to assume the role based on their SAML token.
Correct Answer:
Verified