What is the SIMPLEST way to provide this information?
Create an IAM user account for the auditor, granting the auditor administrator permissions.
Take a screenshot of each user’s page in the AWS Management Console, then provide the screenshots to the auditor.
Download the IAM credential report, then provide the report to the auditor.
Download the AWS Trusted Advisor report, then provide the report to the auditor.
Explanations:
Creating an IAM user account for the auditor with administrator permissions poses security risks, as it grants unnecessary access to the auditor. This does not directly provide the required information and could lead to potential misuse of permissions.
Taking screenshots of each user’s page in the AWS Management Console is inefficient and prone to human error. It does not provide a comprehensive or easily interpretable report, making it a poor method for delivering the required IAM user information.
Downloading the IAM credential report is the simplest and most efficient way to provide the auditor with a complete list of IAM users, including the status of their credentials and access keys. The report is formatted and includes all necessary information in one document.
The AWS Trusted Advisor report provides general best practices for account optimization and may include IAM recommendations, but it does not specifically list all IAM users or the status of their credentials. This makes it unsuitable for the auditor’s request.
I rank that the answer is:
Download the IAM credential report, then provide the report to the auditor.
If memory serves me right, the answer is:
Download the IAM credential report, then provide the report to the auditor.