“Which solution will give the DevOps engineer access to the new member account?

By:
On:
In: DOP-C02
Tagged:
With: 0 Comments
AnyCompany is using AWS Organizations to create and manage multiple AWS accounts.AnyCompany recently acquired a smaller company, Example Corp.During the acquisition process, Example Corp’s single AWS account joined AnyCompany’s management account through an Organizations invitation.AnyCompany moved the new member account under an OU that is dedicated to Example Corp.AnyCompany’s DevOps engineer has an IAM user that assumes a role that is named OrganizationAccountAccessRole to access member accounts.This role is configured with a full access policy.When the DevOps engineer tries to use the AWS Management Console to assume the role in Example Corp’s new member account, the DevOps engineer receives the following error message: “Invalid information in one or more fields.Check your information or contact your administrator.

“Which solution will give the DevOps engineer access to the new member account?

In the management account, grant the DevOps engineer’s IAM user permission to assume the OrganizationAccountAccessRole IAM role in the new member account.

In the management account, create a new SCP. In the SCP, grant the DevOps engineer’s IAM user full access to all resources in the new member account. Attach the SCP to the OU that contains the new member account.

In the new member account, create a new IAM role that is named OrganizationAccountAccessRole. Attach the AdministratorAccess AWS managed policy to the role. In the role’s trust policy, grant the management account permission to assume the role.

In the new member account, edit the trust policy for the OrganizationAccountAccessRole IAM role. Grant the management account permission to assume the role.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × 5 =