Which solution will meet these requirements?

By:
On:
In: SAA-C03
Tagged:
With: 0 Comments
A solutions architect is designing an AWS Identity and Access Management (IAM) authorization model for a company’s AWS account.The company has designated five specific employees to have full access to AWS services and resources in the AWS account.The solutions architect has created an IAM user for each of the five designated employees and has created an IAM user group.

Which solution will meet these requirements?

Attach the AdministratorAccess resource-based policy to the IAM user group. Place each of the five designated employee IAM users in the IAM user group.

Attach the SystemAdministrator identity-based policy to the IAM user group. Place each of the five designated employee IAM users in the IAM user group.

Attach the AdministratorAccess identity-based policy to the IAM user group. Place each of the five designated employee IAM users in the IAM user group.

Attach the SystemAdministrator resource-based policy to the IAM user group. Place each of the five designated employee IAM users in the IAM user group.

Explanations:

Resource-based policies are attached to resources, not groups or users. The correct policy type is identity-based.

The SystemAdministrator policy is not a valid managed AWS policy, and does not provide full administrative access.

The AdministratorAccess identity-based policy grants full access to all AWS services and resources, and attaching it to the IAM user group provides the intended permissions.

Similar to option A, resource-based policies cannot be used in this context for user groups.

Leave a Reply

Your email address will not be published. Required fields are marked *

two + 10 =