AWS Certified Cloud Practitioner (CLF-C02) — Question 134

A company wants to grant users in one AWS account access to resources in another AWS account. The users do not currently have permission to access the resources.
Which AWS service will meet this requirement?

Answer options

• A. IAM group
• B. IAM role
• C. IAM tag
• D. IAM Access Analyzer

Correct answer: B

Explanation

The correct answer is B, IAM role, as it allows users from one AWS account to assume permissions in another account, facilitating cross-account access. IAM groups do not provide cross-account access, IAM tags are used for resource management and organization, and IAM Access Analyzer is a tool for identifying resource policies that allow access, not for granting access.