What should the solutions architect do to create IAM users in the new member account?
Sign in to the AWS Management Console with AWS account root user credentials by using the 64-character password from the initial AWS Organizations email sent to [email protected]. Set up the IAM users as required.
From the master account, switch roles to assume the OrganizationAccountAccessRole role with the account ID of the new member account. Set up the IAM users as required.
Go to the AWS Management Console sign-in page. Choose “Sign in using root account credentials.” Sign in by using the email address [email protected] and the master account’s root password. Set up the IAM users as required.
Go to the AWS Management Console sign-in page. Sign in by using the account ID of the new member account and the Support1 IAM credentials. Set up the IAM users as required.
Explanations:
Signing in with the root user credentials from the initial AWS Organizations email is not recommended under security best practices. The root account should be used only for initial setup or billing purposes.
Switching roles to assume the OrganizationAccountAccessRole allows the solutions architect to access the new member account directly from the master account and create IAM users as needed. This is the appropriate and secure method.
Signing in with the root account using the master account’s credentials is not valid; each AWS account has its own root user credentials. Additionally, using the root account for routine tasks is discouraged for security reasons.
Using the Support1 IAM credentials from the master account to sign in to the new member account is not valid, as IAM users from the master account cannot directly access member accounts without assuming a role or using separate credentials for that account.
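The role switch described in the explanations, done through the SDK rather than the console. This is an added example, not part of the original question; it assumes boto3 and master-account credentials that are allowed to call `sts:AssumeRole`, and the function names and session name are hypothetical.

```python
import re

ROLE_NAME = "OrganizationAccountAccessRole"  # role named in the question


def member_role_arn(account_id: str, role_name: str = ROLE_NAME) -> str:
    """Build the ARN of the cross-account role inside a member account."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are exactly 12 digits")
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def member_iam_client(account_id: str, session_name: str = "create-iam-users"):
    """Assume the role from the master account and return an IAM client
    that acts in the member account with temporary credentials."""
    import boto3  # imported here so the helpers work without the SDK

    creds = boto3.client("sts").assume_role(
        RoleArn=member_role_arn(account_id),
        RoleSessionName=session_name,  # shows up in the member account's CloudTrail
        DurationSeconds=900,           # shortest lifetime STS allows
    )["Credentials"]
    return boto3.client(
        "iam",
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


def create_users(iam, user_names):
    """Create each IAM user; return the names actually created,
    skipping any that already exist in the member account."""
    created = []
    for name in user_names:
        try:
            iam.create_user(UserName=name)
            created.append(name)
        except iam.exceptions.EntityAlreadyExistsException:
            continue
    return created
```

Typical use is `create_users(member_iam_client(account_id), names)` with the new member account's 12-digit ID; no root credentials or long-lived keys for the member account are involved.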