AWS Certified SysOps Administrator – Associate (SOA-C03) — Question 49

A CloudOps engineer wants to provide access to AWS services by attaching an IAM policy to multiple IAM users The CloudOps engineer also wants to be able to change the policy and create new versions.
Which combination of actions will meet these requirements? (Choose two.)

Answer options

• A. Add the users to an IAM service-linked role. Attach the policy to the role.
• B. Add the users to an IAM user group. Attach the policy to the group.
• C. Create an AWS managed policy.
• D. Create a customer managed policy.
• E. Create an inline policy.

Correct answer: B, D

Explanation

Option B is correct because adding users to an IAM user group allows the attachment of a policy that can be easily managed. Option D is also correct as creating a customer managed policy enables the modification and versioning of the policy. Options A, C, and E do not provide the required functionality for versioning and management as effectively as B and D.