Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 521 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 521
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A retail company has several businesses. The IT team for each business manages its own AWS account. Each team account is part of an organization in AWS Organizations. Each team monitors its product inventory levels in an Amazon DynamoDB table in the team's own AWS account.

The company is deploying a central inventory reporting application into a shared AWS account. The application must be able to read items from all the teams' DynamoDB tables.

Which authentication option will meet these requirements MOST securely?

  • A. Integrate DynamoDB with AWS Secrets Manager in the inventory application account. Configure the application to use the correct secret from Secrets Manager to authenticate and read the DynamoDB table. Schedule secret rotation for every 30 days.
  • B. In every business account, create an IAM user that has programmatic access. Configure the application to use the correct IAM user access key ID and secret access key to authenticate and read the DynamoDB table. Manually rotate IAM access keys every 30 days.
  • C. In every business account, create an IAM role named BU_ROLE with a policy that gives the role access to the DynamoDB table and a trust policy to trust a specific role in the inventory application account. In the inventory account, create a role named APP_ROLE that allows access to the STS AssumeRole API operation. Configure the application to use APP_ROLE and assume the crossaccount role BU_ROLE to read the DynamoDB table.
  • D. Integrate DynamoDB with AWS Certificate Manager (ACM). Generate identity certificates to authenticate DynamoDB. Configure the application to use the correct certificate to authenticate and read the DynamoDB table.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by nosense at May 19, 2023, 11:58 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
cloudenthusiast
Highly Voted 1 year, 1 month ago
Selected Answer: C
IAM Roles: IAM roles provide a secure way to grant permissions to entities within AWS. By creating an IAM role in each business account named BU_ROLE with the necessary permissions to access the DynamoDB table, the access can be controlled at the IAM role level. Cross-Account Access: By configuring a trust policy in the BU_ROLE that trusts a specific role in the inventory application account (APP_ROLE), you establish a trusted relationship between the two accounts. Least Privilege: By creating a specific IAM role (BU_ROLE) in each business account and granting it access only to the required DynamoDB table, you can ensure that each team's table is accessed with the least privilege principle. Security Token Service (STS): The use of STS AssumeRole API operation in the inventory application account allows the application to assume the cross-account role (BU_ROLE) in each business account.
upvoted 27 times
TariqKipkemei
11 months, 3 weeks ago
Well broken down..thank you :)
upvoted 2 times
...
...
MandAsh
Most Recent 2 weeks, 5 days ago
C because they have taken effort to explain it in details.. lol
upvoted 1 times
...
Bennyboy789
10 months, 1 week ago
Selected Answer: C
Keyword: IAM ROLES
upvoted 3 times
...
Guru4Cloud
10 months, 2 weeks ago
Selected Answer: C
C is the most secure option to meet the requirements. Using cross-account IAM roles and role chaining allows the inventory application to securely access resources in other accounts. The roles provide temporary credentials and can be permissions controlled.
upvoted 2 times
...
hsinchang
11 months, 2 weeks ago
Selected Answer: C
Looks complex, but IAM role seems more probable, I go with C.
upvoted 3 times
...
mattcl
1 year ago
Why not A?
upvoted 3 times
awsgeek75
5 months, 3 weeks ago
A is wrong because it is incomplete. Just integrating with secrets manager doesn't give any access to DynamoDB.
upvoted 1 times
...
...
antropaws
1 year ago
Selected Answer: C
It's complex, but looks C.
upvoted 1 times
...
eehhssaan
1 year, 1 month ago
i'll go with C .. coming from two minds
upvoted 2 times
...
nosense
1 year, 1 month ago
a or c. C looks like a more secure
upvoted 1 times
omoakin
1 year, 1 month ago
CCCCCCCCCCC
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
ex Want to SAVE BIG on Certification Exam Prep?
close
ex Unlock All Exams with ExamTopics Pro 75% Off
  • arrow Choose From 1000+ Exams
  • arrow Access to 10 Exams per Month
  • arrow PDF Format Available
  • arrow Inline Discussions
  • arrow No Captcha/Robot Checks
Limited Time Offer
Ends in

Claim Offer Now
286 people claimed it in the last 6 hours