ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C02 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C02 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 438 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02
Question #: 438
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company has two AWS accounts: Production and Development. There are code changes ready in the Development account to push to the Production account.
In the alpha phase, only two senior developers on the development team need access to the Production account. In the beta phase, more developers might need access to perform testing as well.
What should a solutions architect recommend?

  • A. Create two policy documents using the AWS Management Console in each account. Assign the policy to developers who need access.
  • B. Create an IAM role in the Development account. Give one IAM role access to the Production account. Allow developers to assume the role.
  • C. Create an IAM role in the Production account with the trust policy that specifies the Development account. Allow developers to assume the role.
  • D. Create an IAM group in the Production account and add it as a principal in the trust policy that specifies the Production account. Add developers to the group.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by AnuhyaTech at May 2, 2021, 10:15 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
syu31svc
Highly Voted 3 years, 6 months ago
https://aws.amazon.com/blogs/security/how-to-use-trust-policies-with-iam-roles/: "One AWS account accesses another AWS account – This use case is commonly referred to as a cross-account role pattern. This allows human or machine IAM principals from other AWS accounts to assume this role and act on resources in this account." "Trust relationship – This policy defines which principals can assume the role, and under which conditions. This is sometimes referred to as a resource-based policy for the IAM role. We’ll refer to this policy simply as the ‘trust policy’." Answer is C
upvoted 40 times
...
ExamExpert82
Highly Voted 3 years, 6 months ago
Answer is C according to pofficial doc.aws on IAM tutorial: Delegate access across AWS accounts using IAM roles here: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
upvoted 13 times
...
coronalife09
Most Recent 2 years, 6 months ago
Selected Answer: C
CCCCCCCCCCC
upvoted 1 times
...
MChitra
2 years, 8 months ago
Selected Answer: C
more secure
upvoted 1 times
...
Fyssy
2 years, 8 months ago
Selected Answer: C
Always assume role
upvoted 1 times
...
DirectRaw
2 years, 10 months ago
Why C, role is for services not for users?
upvoted 2 times
...
awsnoobster
3 years, 2 months ago
C is much more secure
upvoted 1 times
...
FF11
3 years, 3 months ago
Selected Answer: C
C is correct.
upvoted 1 times
...
Cabrera
3 years, 6 months ago
Its C Allways you see something related with security try to use IAM role
upvoted 4 times
...
Toni2936
3 years, 6 months ago
This is C
upvoted 7 times
...
JasonJeon
3 years, 6 months ago
Answer is C.
upvoted 5 times
...
AnuhyaTech
3 years, 7 months ago
Answer is C
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago