Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Get Unlimited Access

Amazon Discussions

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 222 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03

Question #: 222
Topic #: 1

[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.

How should a solutions architect grant this access to the vendor?

A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
B. Create an IAM user in the company’s account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
C. Create an IAM group in the company’s account. Add the tool’s IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
D. Create a new identity provider by choosing “AWS account” as the provider type in the IAM console. Supply the vendor’s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.

Show Suggested Answer

Suggested Answer: A 🗳️

by Babba at Jan. 14, 2023, 9:18 a.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

mp165

Highly Voted 1 year, 5 months ago

Selected Answer: A

A is proper https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

upvoted 8 times

...

cookieMr

Highly Voted 1 year ago

By creating an IAM role and delegating access to the vendor's IAM role, you establish a trust relationship between accounts. This allows the vendor's automated tool to assume the role in the company's account and access the necessary resources. By attaching the appropriate IAM policies to the role, you can define the precise permissions that the vendor requires for their tool to perform its tasks. This ensures that the vendor has the necessary access without granting them direct IAM access to the company's account. B is incorrect because creating an IAM user with a password would require sharing the credentials with the vendor, which is not recommended for security reasons. C is incorrect because adding the vendor's IAM user to an IAM group in the company's account would not provide a direct and controlled way to delegate access to the vendor's tool. D is incorrect because creating a new identity provider for the vendor's AWS account would not provide a straightforward way to delegate access to the vendor's tool. Identity providers are typically used for federated access using external identity systems.

upvoted 7 times

...

1 year, 5 months ago

Selected Answer: D

My guess is D: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html

upvoted 2 times

pentium75

6 months, 1 week ago

But your link describes A, not D.

upvoted 1 times

...

Unlimited Access

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 222 discussion

Comments

mp165

cookieMr

Ruffyit

TariqKipkemei

Guru4Cloud

teja54

Bmarodi

Aninina

techhb

kbaruu

venice1234

Parsons

Babba

pentium75

Get IT Certification

New Version GCP Professional Cloud Architect Certificate & Helpful Information

The 5 Most In-Demand Project Management Certifications of 2019