AWS Certified Security – Specialty (SCS-C03) — Question 23

A company has multiple accounts in the AWS Cloud. Users in the developer account need to have access to specific resources in the production account.
What is the MOST secure way to provide this access?

Answer options

• A. Create one IAM user in the production account Grant the appropriate permissions to the resources that are needed. Share the password only with the users that need access.
• B. Create cross-account access with an IAM role in the developer account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.
• C. Create cross-account access with an IAM user account in the production account. Grant the appropriate permissions to this user account. Allow users in the developer account to use this user account to access the production resources.
• D. Create cross-account access with an IAM role in the production account. Grant the appropriate permissions to this rote Allow users in the developer account to assume this role to access the production resources.

Correct answer: D

Explanation

The correct answer is D because using an IAM role in the production account allows for more secure and manageable access control compared to using an IAM user. It avoids sharing passwords and provides a temporary access mechanism, which reduces the risk of credential exposure. The other options either involve sharing IAM user accounts or are configured in a less secure manner.