AWS Certified Security – Specialty — Question 25
A company wants to control access to its AWS resources by using identities and groups that are defined in its existing Microsoft Active Directory.
What must the company create in its AWS account to map permissions for AWS services to Active Directory user attributes?
Answer options
- A. AWS IAM groups
- B. AWS IAM users
- C. AWS IAM roles
- D. AWS IAM access keys
Correct answer: C
Explanation
The correct answer is C, AWS IAM roles. A role carries a set of permissions and can be assumed by users or services, which is what allows AWS permissions to be mapped to Active Directory attributes. The other options, such as IAM groups and users, do not provide the functionality needed to map permissions directly to external identity sources like Active Directory.