AWS Certified Machine Learning Engineer – Associate (MLA-C01) — Question 16
A company has a team of data scientists who use Amazon SageMaker notebook instances to test ML models. When the data scientists need new permissions, the company attaches the permissions to each individual role that was created during the creation of the SageMaker notebook instance.
The company needs to centralize management of the team's permissions.
Which solution will meet this requirement?
Answer options
- A. Create a single IAM role that has the necessary permissions. Attach the role to each notebook instance that the team uses.
- B. Create a single IAM group. Add the data scientists to the group. Associate the group with each notebook instance that the team uses.
- C. Create a single IAM user. Attach the AdministratorAccess AWS managed IAM policy to the user. Configure each notebook instance to use the IAM user.
- D. Create a single IAM group. Add the data scientists to the group. Create an IAM role. Attach the AdministratorAccess AWS managed IAM policy to the role. Associate the role with the group. Associate the group with each notebook instance that the team uses.
Correct answer: A
Explanation
The correct answer is A. Creating a single IAM role that has the necessary permissions and attaching it to each notebook instance centralizes permission management: a permission change is made once, on the shared role, instead of on each individual role that was created with a notebook instance. Option B does not provide the necessary permissions directly to the notebook instances, which take their permissions from an attached IAM role rather than from an IAM group. Option C assigns permissions to a single IAM user, which does not scale well. Option D complicates the solution by adding unnecessary steps and does not centralize permission management effectively.