B/D are correct
A - IAM Role
B - IAM User
C - IAM Role
D - IAM User
E - Integrated SSO
Explaination:
There are several situations in which you might want to create an IAM user instead of an IAM role:
When you want to grant access to an individual person, rather than to an AWS resource or service.
When you want to give someone the ability to access the AWS Management Console.
When you want to use multi-factor authentication (MFA) to secure access to your AWS resources.
When you want to give someone the ability to use the AWS API or command line interface (CLI) to access your resources.
On the other hand, there are situations in which you might want to create an IAM role instead of an IAM user:
When you want to grant permissions to an AWS resource or service, rather than to an individual person.
When you want to grant temporary access to your resources.
When you want to grant access to resources in another AWS account.
It's important to carefully consider the specific needs of your use case when deciding whether to create an IAM user or an IAM role.
B:- IAM users are designed for individuals who need to access AWS resources. They have long-term credentials that can be used to sign in to the AWS Management Console or to make requests to AWS services programmatically.
D :- IAM users can be configured to use single sign-on (SSO) with an identity provider (IdP), such as Active Directory or Okta. This allows users to sign in to the corporate network once, and then they will be automatically authenticated to AWS without having to enter their credentials again.
Option A is incorrect because an IAM role can be used to provide AWS access to an application running on Amazon EC2 instances.
Option C is incorrect because IAM roles can be used to provide access to AWS services for mobile applications through AWS Security Token Service (STS) APIs.
Option E is also incorrect because IAM roles can be used with identity federation to enable users who are authenticated in the corporate network to access AWS resources without needing to sign in a second time.
why E is not correct?
The correct answers are: B. When the company creates AWS access credentials for individuals and E. When users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time.
In situations where users are authenticated in the corporate network and want to be able to use AWS without having to sign in a second time (option E), it is also appropriate to create an IAM user. This can be done using AWS Single Sign-On (AWS SSO), which allows users to access AWS accounts and resources by using their corporate credentials.
Why A and C aren't the correct answer here?
This question is tricky
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html
You can create one or more IAM users in your AWS account. You might create an IAM user when someone joins your team, or when you create a new application that needs to make API calls to AWS.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
Users and permissions
By default, a brand new IAM user has no permissions to do anything. The user is not authorized to perform any AWS operations or to access any AWS resources. An advantage of having individual IAM users is that you can assign permissions individually to each user.
BD seems correct but A is also close.
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users.html
An AWS Identity and Access Management (IAM) user is an entity that you create in AWS to represent the person or application that uses it to interact with AWS. A user in AWS consists of a name and credentials.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
sirasdf
Highly Voted 2 years, 3 months agoYSJ_VIT
1 year, 4 months agoblopa
1 year, 7 months agoHebaXX
Most Recent 1 month agosonaljain
3 months, 4 weeks agoPranava_GCP
1 year, 9 months agoman5484
1 year, 9 months agoESAJRR
1 year, 10 months agoWarsame21
1 year, 10 months agoet_learner
2 years, 1 month agokonieczny69
2 years, 3 months agoThoRi
1 year, 8 months agoSaif93
2 years, 3 months agoBloodyMery
2 years, 4 months agoJAMTARA
2 years, 4 months agoSilverAlpaca
2 years, 4 months agoDongKG
2 years, 5 months agoSmartLearner
2 years, 5 months agoSmartLearner
2 years, 5 months agoIstiaque
2 years, 6 months ago