AWS Certified Cloud Practitioner (CLF-C02) — Question 207

A company has teams that have different job roles and responsibilities. The company’s employees often change teams. The company needs to manage permissions for the employees so that the permissions are appropriate for the job responsibilities.

Which IAM resource should the company use to meet this requirement with the LEAST operational overhead?

Answer options

• A. IAM user groups
• B. IAM roles
• C. IAM instance profiles
• D. IAM policies for individual users

Correct answer: B

Explanation

IAM roles are the best choice for managing permissions with minimal overhead, as they can be easily assumed by different users across varying teams without needing to modify individual permissions. In contrast, IAM user groups and IAM policies for individual users require more management as roles change, and IAM instance profiles are specifically used for EC2 instances, not for managing user permissions.