ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 222 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 222
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has hired an external vendor to perform work in the company’s AWS account. The vendor uses an automated tool that is hosted in an AWS account that the vendor owns. The vendor does not have IAM access to the company’s AWS account.

How should a solutions architect grant this access to the vendor?

  • A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
  • B. Create an IAM user in the company’s account with a password that meets the password complexity requirements. Attach the appropriate IAM policies to the user for the permissions that the vendor requires.
  • C. Create an IAM group in the company’s account. Add the tool’s IAM user from the vendor account to the group. Attach the appropriate IAM policies to the group for the permissions that the vendor requires.
  • D. Create a new identity provider by choosing “AWS account” as the provider type in the IAM console. Supply the vendor’s AWS account ID and user name. Attach the appropriate IAM policies to the new provider for the permissions that the vendor requires.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Babba at Jan. 14, 2023, 9:18 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
cookieMr
Highly Voted 1 year, 1 month ago
By creating an IAM role and delegating access to the vendor's IAM role, you establish a trust relationship between accounts. This allows the vendor's automated tool to assume the role in the company's account and access the necessary resources. By attaching the appropriate IAM policies to the role, you can define the precise permissions that the vendor requires for their tool to perform its tasks. This ensures that the vendor has the necessary access without granting them direct IAM access to the company's account. B is incorrect because creating an IAM user with a password would require sharing the credentials with the vendor, which is not recommended for security reasons. C is incorrect because adding the vendor's IAM user to an IAM group in the company's account would not provide a direct and controlled way to delegate access to the vendor's tool. D is incorrect because creating a new identity provider for the vendor's AWS account would not provide a straightforward way to delegate access to the vendor's tool. Identity providers are typically used for federated access using external identity systems.
upvoted 11 times
...
mp165
Highly Voted 1 year, 7 months ago
Selected Answer: A
A is proper https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html
upvoted 10 times
...
Ruffyit
Most Recent 9 months ago
Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires
upvoted 2 times
...
TariqKipkemei
11 months ago
Selected Answer: A
Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires
upvoted 2 times
...
Guru4Cloud
11 months, 2 weeks ago
Selected Answer: A
A. Create an IAM role in the company’s account to delegate access to the vendor’s IAM role. Attach the appropriate IAM policies to the role for the permissions that the vendor requires.
upvoted 2 times
...
teja54
1 year, 2 months ago
Selected Answer: C
....................................
upvoted 1 times
...
Bmarodi
1 year, 2 months ago
Selected Answer: A
Option A fulfill the requirements.
upvoted 2 times
...
Aninina
1 year, 7 months ago
Selected Answer: A
IAM role is the answer
upvoted 2 times
...
techhb
1 year, 7 months ago
Selected Answer: A
A is correct answer.
upvoted 2 times
...
kbaruu
1 year, 7 months ago
Selected Answer: A
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html
upvoted 3 times
...
venice1234
1 year, 7 months ago
Selected Answer: A
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
upvoted 3 times
...
Parsons
1 year, 7 months ago
Selected Answer: A
A is the correct answer.
upvoted 4 times
...
Babba
1 year, 7 months ago
Selected Answer: D
My guess is D: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html
upvoted 2 times
pentium75
7 months, 3 weeks ago
But your link describes A, not D.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago