AWS Certified Developer – Associate (DVA-C02) — Question 341
A developer uses AWS IAM Identity Center (AWS Single Sign-On) to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation.
What is the MOST likely cause of the developer's access issue?
Answer options
- A. The access permissions to the developer's AWS CLI binary file have changed.
- B. The permission set that is assumed by IAM Identity Center does not have the necessary permissions to complete the API call.
- C. The credentials from the IAM Identity Center federated role have expired.
- D. The developer is attempting to make API calls to the incorrect AWS account.
Correct answer: C
Explanation
Temporary credentials obtained through AWS IAM Identity Center have a limited lifespan. Once they expire, API calls return Access Denied errors until the developer logs in again. Because the setup worked initially and no configurations were changed, the permission set (Option B) and the target account (Option D) are unlikely to be the cause. Changed file permissions on the AWS CLI binary (Option A) would prevent it from executing at all rather than producing Access Denied errors from AWS services.