Which combination of actions should the company take to meet these requirements while following the principles of least privilege?

By:
In: CLF-C02
Tagged:
With: 1 Comment
A company wants to provide one of its employees with access to Amazon RDS.The company also wants to limit the interaction to only the AWS CLI and AWS software development kits (SDKs).

Which combination of actions should the company take to meet these requirements while following the principles of least privilege?

(Choose two.)

Create an IAM user and provide AWS Management Console access only.

Create an IAM user and provide programmatic access only.

Create an IAM role and provide AWS Management Console access only.

Create an IAM policy with administrator access and attach it to the IAM user.

Create an IAM policy with Amazon RDS access and attach it to the IAM user.

Explanations:

This option provides AWS Management Console access, which is not aligned with the requirement to limit interaction to only the AWS CLI and SDKs.

This option creates an IAM user with programmatic access only, allowing the employee to interact with AWS services via the AWS CLI and SDKs, adhering to the principle of least privilege.

This option provides AWS Management Console access through an IAM role, which is not suitable as the requirement specifies limiting access to only the AWS CLI and SDKs.

This option grants administrator access, which is excessive and does not follow the principle of least privilege, as it allows broader access than necessary.

This option creates an IAM policy with specific Amazon RDS access, which can be attached to the IAM user, ensuring that the employee has only the necessary permissions to access RDS through the CLI and SDKs.

2025-10-22

1 Comment

  1. Patricia
    Author

    As I recall, the answer is:
    Create an IAM user and provide programmatic access only.

Leave a Reply

Your email address will not be published. Required fields are marked *

twenty + 7 =