Which guidelines are best practices for using AWS Identity and Access Management (IAM)?
(Choose two.)
Share access keys.
Create individual IAM users.
Use inline policies instead of customer managed policies.
Grant maximum privileges to IAM users.
Use groups to assign permissions to IAM users.
Explanations:
Sharing access keys is a security risk as it allows multiple users to have the same credentials, increasing the potential for unauthorized access. Best practices recommend using individual IAM users with their own credentials instead.
Creating individual IAM users ensures that each user has their own unique credentials and permissions, enhancing accountability and security. This practice allows for better management of access rights and enables tracking of user actions.
Using inline policies can lead to management complexity and lack of reusability. Customer managed policies are preferred because they can be reused across multiple users and resources, making permissions easier to manage and audit.
Granting maximum privileges goes against the principle of least privilege, which states that users should only have the minimum permissions necessary to perform their job functions. This minimizes the risk of accidental or malicious actions.
Using groups to assign permissions allows for better management and scalability of IAM users. By assigning permissions to groups rather than individual users, it simplifies permission management and makes it easier to apply consistent access policies.
I believe the answer is:
Create individual IAM users.