Exam AWS Certified Solutions Architect - Professional topic 1 question 667 discussion

An AWS partner company is building a service in AWS Organizations using its organization named org1. This service requires the partner company to have access to AWS resources in a customer account, which is in a separate organization named org2. The company must establish least privilege security access using an API or command line tool to the customer account.
What is the MOST secure way to allow org1 to access resources in org2?

  • A. The customer should provide the partner company with their AWS account access keys to log in and perform the required tasks.
  • B. The customer should create an IAM user and assign the required permissions to the IAM user. The customer should then provide the credentials to the partner company to log in and perform the required tasks.
  • C. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN) when requesting access to perform the required tasks.
  • D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks.
Suggested Answer: D 🗳️
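
An added example, not part of the original question or discussion: a Python check that builds the role trust policies implied by options C and D and flags cross-account principals that are trusted without an `sts:ExternalId` condition. The account IDs and external ID are constructed placeholders, and the function names are hypothetical.

```python
import json

OWN_ACCOUNT = "222222222222"      # customer account in org2 (constructed)
PARTNER_ACCOUNT = "111111111111"  # partner account in org1 (constructed)

def trust_policy(principal_account, external_id=None):
    """Role trust policy: external_id=None is option C, a value is option D."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{principal_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if external_id is not None:
        stmt["Condition"] = {"StringEquals": {"sts:ExternalId": external_id}}
    return {"Version": "2012-10-17", "Statement": [stmt]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID from an ARN or a bare 12-digit ID; '*' stays '*'."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal

def foreign_principals_without_external_id(policy, own_account):
    """List principals outside own_account that may assume the role
    under a statement with no StringEquals check on sts:ExternalId."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        if any(key.lower() == "sts:externalid" for key in equals):
            continue  # condition key names are not case-sensitive
        principal = stmt.get("Principal", {})
        aws = [principal] if isinstance(principal, str) else _as_list(principal.get("AWS", []))
        findings += [p for p in aws if _account_of(p) != own_account]
    return findings

if __name__ == "__main__":
    for label, ext in (("C", None), ("D", "constructed-external-id-42")):
        policy = trust_policy(PARTNER_ACCOUNT, ext)
        print(label, json.dumps(policy))
        print("  flagged:", foreign_principals_without_external_id(policy, OWN_ACCOUNT))
```

The option C policy is flagged because any caller in the partner account that can call `sts:AssumeRole` on the role's ARN satisfies it; the option D policy additionally requires the caller to present the matching external ID.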

Comments

A_New_Guy
Highly Voted 3 years, 7 months ago
I think D is the Answer: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 20 times
oscargee
3 years, 6 months ago
Not correct. I think you mixed client and host role. Host owner should create IAM with external ID. But in this case, reversed.
upvoted 2 times
student22
3 years, 5 months ago
Yes. I think the answer is C.
upvoted 1 times
student22
3 years, 5 months ago
Changing my answer to D. Assuming the answer is not suggesting to include the external id when making the request.
upvoted 1 times
...
...
...
Kelvin1477
3 years, 7 months ago
agree, external id is a safety precaution to only allow certain user in that third party app organization to assume the role
upvoted 3 times
kirrim
3 years, 5 months ago
Agree, it's addressing the "Confused Deputy problem": https://docs.aws.amazon.com/IAM/latest/UserGuide/confused-deputy.html
upvoted 1 times
...
...
...
SkyZeroZx
Most Recent 1 year, 10 months ago
Selected Answer: D
Trust Policy is the key in this case. Then D
upvoted 1 times
...
OBA1
3 years ago
Selected Answer: D
Answer is D. Difference between C and D is “What is the SECUREST”
upvoted 4 times
...
cldy
3 years, 4 months ago
D. The customer should create an IAM role and assign the required permissions to the IAM role. The partner company should then use the IAM role's Amazon Resource Name (ARN), including the external ID in the IAM role's trust policy, when requesting access to perform the required tasks.
upvoted 2 times
...
AzureDP900
3 years, 4 months ago
D is correct
upvoted 1 times
...
acloudguru
3 years, 5 months ago
Selected Answer: D
D is the Answer, such simple security question, hope I can have it in my real exam https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 1 times
...
andylogan
3 years, 5 months ago
It's D
upvoted 1 times
...
tgv
3 years, 6 months ago
DDD ---
upvoted 1 times
...
WhyIronMan
3 years, 6 months ago
I'll go with D
upvoted 1 times
...
Waiweng
3 years, 6 months ago
it's D
upvoted 3 times
...
blackgamer
3 years, 6 months ago
Answer is D.
upvoted 2 times
...
alisyech
3 years, 6 months ago
i choose D
upvoted 1 times
...
Joaster
3 years, 6 months ago
Definitely D: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 1 times
...
Kian1
3 years, 6 months ago
will go with D
upvoted 2 times
...
Ebi
3 years, 6 months ago
D is my choice
upvoted 4 times
...
Bulti
3 years, 6 months ago
Answer is D.
upvoted 3 times
...
petebear55
3 years, 6 months ago
Why do they have the correct answer as B when it is clearly D?
upvoted 1 times
kopper2019
3 years, 6 months ago
The idea behind examtopics is to resolve the Qs, use the crowd, and share and debate about the correct answers here, not the ones depicted
upvoted 4 times
...
...