AWS Certified Developer – Associate (DVA-C02) — Question 453
A company’s AWS accounts are in an organization in AWS Organizations. An application in Account A uses environment variables that are stored as parameters in AWS Systems Manager Parameter Store. A developer is creating a new application in Account B that needs to use the same environment variables.
The application in Account B needs access to the parameters in Account A without duplicating the parameters into Account B.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Configure the application in Account B to use credentials for an IAM user in Account A that has access to the parameters.
- B. Create an assumable IAM role in Account A. Grant the role the permission to access the parameters.
- C. Configure cross-account resource sharing for the parameters by using AWS Resource Access Manager (AWS RAM).
- D. Write a script that stores the parameter values in a private Amazon S3 bucket that both accounts can access.
Correct answer: C
Explanation
AWS Resource Access Manager (AWS RAM) enables native, secure cross-account sharing of AWS Systems Manager Parameter Store parameters within an organization, which minimizes administrative and operational overhead. Using cross-account IAM roles or hardcoded credentials introduces additional code complexity and security management challenges. Storing parameters in Amazon S3 via custom scripts requires ongoing maintenance and defeats the purpose of using a centralized parameter store.