Which solution will meet this requirement?
Create an IAM user and a cross-account role in the management account. Configure the cross-account role with least privilege access to the member accounts.
Create an IAM user in each member account. In the management account, create a cross-account role that has least privilege access. Grant the IAM users access to the cross-account role by using a trust policy.
Create an IAM user in the management account. In the member accounts, create an IAM group that has least privilege access. Add the IAM user from the management account to each IAM group in the member accounts.
Create an IAM user in the management account. In the member accounts, create cross-account roles that have least privilege access. Grant the IAM user access to the roles by using a trust policy.
Explanations:
Creating an IAM user and a cross-account role in the management account does not provide the necessary permissions for the IAM user to directly stop or terminate resources in member accounts without proper trust relationships in place. The cross-account role would need to be in the member accounts, not the management account.
This option suggests creating IAM users in each member account, which is unnecessary. The requirement is to manage resources using a single IAM user in the management account. Also, trust policies would not be effective in this scenario for cross-account access to terminate resources.
This option proposes creating IAM users in each member account and granting access to a group, which defeats the purpose of using a single IAM user in the management account. Additionally, this approach complicates management and does not ensure the least privilege principle effectively.
This solution allows the management account IAM user to assume cross-account roles in the member accounts. The roles can be configured with least privilege permissions, enabling the user to manage resources in both member accounts effectively while adhering to the principle of least privilege.
I calculate that the answer is:
Create an IAM user in the management account. In the member accounts, create cross-account roles that have least privilege access. Grant the IAM user access to the roles by using a trust policy.