Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

By: study aws cloud

On: January 7, 2025

Tagged: Cloud Practitioner

With: 0 Comments

A company has teams that have different job roles and responsibilities.The company’s employees often change teams.The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.

Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

IAM user groups

IAM roles

IAM instance profiles

IAM policies for individual users

Explanations:

IAM user groups can help manage permissions for a set of users but do not offer the flexibility needed for frequent team changes, as they tie permissions to static groups rather than dynamic roles.

IAM roles are designed for temporary permissions and can be easily assumed by users when they change teams. This minimizes operational overhead as roles can be reused across teams without modifying individual user permissions directly.

IAM instance profiles are specifically used to provide permissions to EC2 instances rather than managing user permissions across teams, making them unsuitable for this requirement.

IAM policies for individual users can become cumbersome to manage as the number of users increases and permissions change frequently. This approach results in higher operational overhead compared to using roles.

Previous Post: Which solution will meet these requirements?

Next Post: Which Amazon Elastic Block Store (Amazon EBS) volume type should a solutions architect attach to their EC2 instance?

Leave a Reply Cancel reply