Which combination of actions should the solutions architect take to accomplish this goal?
(Choose two.)
A. Have the deployment engineer use the AWS account root user credentials for performing AWS CloudFormation stack operations.
B. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the PowerUserAccess IAM policy attached.
C. Create a new IAM user for the deployment engineer and add the IAM user to a group that has the AdministratorAccess IAM policy attached.
D. Create a new IAM user for the deployment engineer and add the IAM user to a group that has an IAM policy that allows AWS CloudFormation actions only.
E. Create an IAM role for the deployment engineer that explicitly defines the permissions specific to the AWS CloudFormation stack, and launch stacks using that IAM role.
Explanations:
A. Using the root user for day-to-day operational tasks violates the principle of least privilege: the root user has unrestricted access to everything in the account, and its permissions cannot be reduced with IAM policies. Best practice is to lock the root user down (strong password, MFA, no access keys), reserve it for the few tasks that genuinely require it, and give each person their own IAM identity with only the permissions their job needs.
B. The PowerUserAccess managed policy lets the user create and manage resources across all AWS services, excluding management of IAM users, groups and roles and of AWS Organizations. That is far broader than what a deployment engineer needs for CloudFormation stack operations, so it does not satisfy least privilege.
C. The AdministratorAccess managed policy grants full access to all AWS services and resources, including IAM, which is the opposite of least privilege. A deployment engineer should only have the permissions required to deploy and manage CloudFormation stacks, not unrestricted access.
D. This option follows least privilege by limiting the deployment engineer's own permissions to the CloudFormation actions needed to create, update and delete stacks. One caveat a practitioner should know: by default CloudFormation provisions resources with the caller's credentials, so a CloudFormation-only policy cannot on its own create the resources a template declares. It is meant to be paired with a service role (option E) that supplies the resource permissions at stack launch, which is why these two options are chosen together.
E. Creating a dedicated IAM role for CloudFormation, with a permissions policy scoped to exactly the resources the stack creates and a trust policy that allows cloudformation.amazonaws.com to assume it, keeps the resource permissions tightly scoped and separate from the engineer's identity. The deployment engineer passes this role when launching the stack (which additionally requires iam:PassRole on that specific role), and CloudFormation then acts with the role's permissions rather than the engineer's.
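As an added example that is not part of the original question, the template below implements options D and E together: an IAM group whose inline policy allows only CloudFormation stack operations plus iam:PassRole for one service role, and the service role itself, trusted by cloudformation.amazonaws.com and limited to the resources the stacks create. The group name, role name, the `app-*` stack-name prefix and the S3-only resource permissions are assumptions chosen for illustration; replace them with what your own templates actually declare.

```yaml
# Added example (not from the original question): least-privilege CloudFormation
# deployment access, combining option D (CloudFormation-only user permissions)
# with option E (a scoped CloudFormation service role).
# ASSUMPTIONS: group name, role name, the "app-*" stack-name prefix and the S3
# actions granted to the service role are placeholders for this example.
AWSTemplateFormatVersion: "2010-09-09"
Description: Least-privilege CloudFormation deployment access for a deployment engineer

Resources:
  # Option D: the deployment engineer's own permissions stop at CloudFormation.
  DeploymentEngineersGroup:
    Type: AWS::IAM::Group
    Properties:
      GroupName: cfn-deployment-engineers   # assumption
      Policies:
        - PolicyName: CloudFormationStackOperationsOnly
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Stack lifecycle actions support resource-level permissions, so
              # restrict them to stacks whose names start with "app-".
              - Sid: StackLifecycle
                Effect: Allow
                Action:
                  - cloudformation:CreateStack
                  - cloudformation:UpdateStack
                  - cloudformation:DeleteStack
                  - cloudformation:CreateChangeSet
                  - cloudformation:ExecuteChangeSet
                  - cloudformation:DescribeStacks
                  - cloudformation:DescribeStackEvents
                  - cloudformation:DescribeChangeSet
                  - cloudformation:GetTemplate
                Resource: !Sub "arn:${AWS::Partition}:cloudformation:${AWS::Region}:${AWS::AccountId}:stack/app-*/*"
              # These read-only actions are not resource-scoped and need "*".
              - Sid: ReadOnlyHelpers
                Effect: Allow
                Action:
                  - cloudformation:ListStacks
                  - cloudformation:ValidateTemplate
                Resource: "*"
              # The engineer may hand CloudFormation exactly one role, and only
              # to CloudFormation, not to EC2, Lambda or any other service.
              - Sid: PassOnlyTheCfnServiceRole
                Effect: Allow
                Action: iam:PassRole
                Resource: !GetAtt CfnServiceRole.Arn
                Condition:
                  StringEquals:
                    iam:PassedToService: cloudformation.amazonaws.com

  # Option E: the service role CloudFormation assumes to create the resources.
  CfnServiceRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: cfn-app-deploy-role   # assumption
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: cloudformation.amazonaws.com
            Action: sts:AssumeRole
            Condition:
              StringEquals:
                # Generic confused-deputy guard: only stacks in this account.
                aws:SourceAccount: !Ref AWS::AccountId
      Policies:
        - PolicyName: ResourcesTheStacksCreate
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # Assumption: the app-* stacks manage S3 buckets only. List
              # exactly the actions your templates need, nothing broader.
              - Sid: ManageAppBuckets
                Effect: Allow
                Action:
                  - s3:CreateBucket
                  - s3:DeleteBucket
                  - s3:PutBucketTagging
                  - s3:PutBucketVersioning
                  - s3:PutEncryptionConfiguration
                  - s3:PutBucketPublicAccessBlock
                Resource: !Sub "arn:${AWS::Partition}:s3:::app-*"

Outputs:
  ServiceRoleArn:
    Description: Pass this ARN as --role-arn when launching app-* stacks
    Value: !GetAtt CfnServiceRole.Arn
```

After an administrator deploys this template once, the deployment engineer launches workloads with `aws cloudformation create-stack --stack-name app-web --template-body file://app.yaml --role-arn <ServiceRoleArn>`. The engineer's own identity can do nothing but CloudFormation stack operations; the S3 permissions live in the role, which only CloudFormation can assume and which the engineer can only pass to CloudFormation. If the stack name does not match the assumed `app-*` prefix, or the template declares a resource type the role does not cover, the launch fails with an access-denied error, which is the intended least-privilege behaviour rather than a misconfiguration.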