AWS Certified Cloud Practitioner — Question 871

A developer is writing a program that must switch between multiple IAM roles.

Which AWS services or features can the program use to meet this requirement? (Choose two.)

Answer options

• A. AWS CLI
• B. AWS Security Token Service (AWS STS) API
• C. IAM inline policies
• D. AWS Organizations
• E. AWS Trusted Advisor

Correct answer: A, B

Explanation

To switch or assume different IAM roles, an application can use the AWS Security Token Service (AWS STS) API, specifically the AssumeRole action, or execute commands via the AWS CLI. IAM inline policies only define permissions for a specific identity, while AWS Organizations and AWS Trusted Advisor do not provide mechanisms for assuming IAM roles.