What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
AWS IAM groups
AWS IAM users
AWS IAM roles
AWS IAM access keys
Explanations:
AWS IAM groups are used to manage permissions for IAM users within AWS, but they do not directly map to Active Directory user attributes. They can help organize users in AWS but do not facilitate access control based on AD attributes.
AWS IAM users are specific to AWS and do not correspond to the identities in Active Directory. Creating IAM users does not leverage the existing Active Directory identities, which is the company’s goal.
AWS IAM roles can be used to map permissions to identities from Active Directory using AWS Directory Service. By creating roles and assigning them based on AD user attributes, the company can effectively control access to AWS resources.
AWS IAM access keys are used for programmatic access to AWS services by IAM users or roles but do not relate to mapping permissions based on Active Directory attributes. They are not a method for integrating or mapping user identities.