The CISO of a large enterprise with multiple IT departments, each with its own AWS account, wants one central place where AWS permissions for users can be managed and users authentication credentials can be synchronized with the company's existing on-premises solution. Which solution will meet the CISO's requirements?
A) Define AWS IAM roles based on the functional responsibilities of the users in a central account. Create a SAML-based identity management provider. Map users in the on-premises groups to IAM roles. Establish trust relationships between the other accounts and the central account.
B) Deploy a common set of AWS IAM users, groups, roles, and policies in all of the AWS accounts using AWS Organizations. Implement federation between the on-premises identity provider and the AWS accounts.
C) Use AWS Organizations in a centralized account to define service control policies (SCPs) . Create a SAML-based identity management provider in each account and map users in the on-premises groups to AWS IAM roles.
D) Perform a thorough analysis of the user base and create AWS IAM users accounts that have the necessary permissions. Set up a process to provision and deprovision accounts based on data in the on-premises solution.
Correct Answer:
Verified
Q444: A company has deployed an application to
Q445: A company is migrating an application to
Q446: A photo-sharing and publishing company receives 10,000
Q447: A company is running an email application
Q448: What combination of steps could a Solutions
Q450: A company wants to follow its website
Q451: A Solutions Architect is designing a system
Q452: A company has a legacy application running
Q453: A company runs an ordering system on
Q454: A company receives clickstream data files to
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents