AWS Certified Security – Specialty — Question 198

A company is setting up products to deploy in AWS Service Catalog. Management is concerned that when users launch products, elevated IAM privileges will be required to create resources.
How should the company mitigate this concern?

Answer options

• A. Add a template constraint to each product in the portfolio.
• B. Add a launch constraint to each product in the portfolio.
• C. Define resource update constraints for each product in the portfolio.
• D. Update the AWS CloudFormation template backing the product to include a service role configuration.

Correct answer: B

Explanation

The correct answer is B because adding a launch constraint allows the company to specify a role that users will assume when launching the product, thus limiting the permissions needed. The other options either do not address the concern of user permissions directly or do not provide a mechanism for controlling IAM privileges effectively during product launches.