Which solution will meet these requirements with the LEAST effort?

By:
On:
In: DOP-C01
Tagged:
With: 0 Comments
A company has provided an externally hosted third-party vendor product with access to the company’s AWS account.The vendor product performs various AWS actions in the AWS account and requires various IAM permissions.The company granted the access by creating an IAM user, associating IAM policies and inserting the IAM user credentials into the vendor product.A security review reveals that the vendor’s access is overly permissive.The company wants to apply the principle of least privilege and wants to continue giving the vendor permissions to perform only the actions that the vendor has performed in the last 6 months.

Which solution will meet these requirements with the LEAST effort?

Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Replace the IAM user policy with the newly generated policy.

Use AWS Identity and Access Management Access Analyzer to generate a new IAM policy based on the IAM user’s AWS CloudTrail history. Attach the newly generated policy as a permissions boundary to the IAM user.

Use AWS Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Replace the IAM user policy with the newly generated policy.

Use AWS Identity and Access Management Access Analyzer to discover the last accessed information for the IAM user and to create a new IAM policy that allows only the services and actions that the last accessed review identified. Attach the newly generated policy as a permissions boundary to the IAM user.

Leave a Reply

Your email address will not be published. Required fields are marked *

fifteen + seven =