Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

By:
In: CLF-C02
Tagged:
With: 2 Comments
A company has teams that have different job roles and responsibilities.The company’s employees often change teams.The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.

Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

IAM user groups

IAM roles

IAM instance profiles

IAM policies for individual users

Explanations:

IAM user groups can help manage permissions for a set of users but do not offer the flexibility needed for frequent team changes, as they tie permissions to static groups rather than dynamic roles.

IAM roles are designed for temporary permissions and can be easily assumed by users when they change teams. This minimizes operational overhead as roles can be reused across teams without modifying individual user permissions directly.

IAM instance profiles are specifically used to provide permissions to EC2 instances rather than managing user permissions across teams, making them unsuitable for this requirement.

IAM policies for individual users can become cumbersome to manage as the number of users increases and permissions change frequently. This approach results in higher operational overhead compared to using roles.

2026-03-22

2 Comments

  1. Diane
    Author

    I believe the answer is:
    IAM roles

  2. Grace
    Author

    I calculate that the answer is:
    IAM roles

Leave a Reply

Your email address will not be published. Required fields are marked *

fourteen − 4 =