AWS Certified Solutions Architect – Associate (SAA-C02) — Question 158

An operations team has a standard that states IAM policies should not be applied directly to users. Some new team members have not been following this standard. The operations manager needs a way to easily identify the users with attached policies.
What should a solutions architect do to accomplish this?

Answer options

• A. Monitor using AWS CloudTrail.
• B. Create an AWS Config rule to run daily.
• C. Publish IAM user changes to Amazon SNS.
• D. Run AWS Lambda when a user is modified.

Correct answer: B

Explanation

Creating an AWS Config rule to run daily allows for continuous monitoring of IAM policy attachments, thereby ensuring compliance with the team's standard. Option A does not provide real-time identification, while C and D focus on notifications and actions rather than systematic compliance checking.