Which solution will meet these requirements with the LEAST administrative overhead?

By:
In: SAA-C03
Tagged:
With: 1 Comment
A company runs all its business applications in the AWS Cloud.The company uses AWS Organizations to manage multiple AWS accounts.A solutions architect needs to review all permissions that are granted to IAM users to determine which IAM users have more permissions than required.

Which solution will meet these requirements with the LEAST administrative overhead?

Use Network Access Analyzer to review all access permissions in the company’s AWS accounts.

Create an AWS CloudWatch alarm that activates when an IAM user creates or modifies resources in an AWS account.

Use AWS Identity and Access Management (IAM) Access Analyzer to review all the company’s resources and accounts.

Use Amazon Inspector to find vulnerabilities in existing IAM policies.

Explanations:

Network Access Analyzer focuses on network configurations and permissions related to VPC resources, not IAM user permissions. It does not provide insights into IAM policies or user access levels.

Creating a CloudWatch alarm for IAM user actions does not review or analyze permissions; it merely tracks activity. This approach does not help in identifying excessive permissions or compliance issues.

IAM Access Analyzer helps identify resources shared with external entities and reviews permissions granted to IAM users. It can provide insights into over-permissioned IAM users with minimal administrative effort.

Amazon Inspector is designed to assess security vulnerabilities in applications and configurations, not specifically to analyze IAM policies or permissions granted to users.

2025-10-24

1 Comment

  1. Jason
    Author

    I suspect that the answer is:
    Use AWS Identity and Access Management (IAM) Access Analyzer to review all the company’s resources and accounts.

Leave a Reply

Your email address will not be published. Required fields are marked *

19 + 5 =