AWS Certified Solutions Architect – Associate (SAA-C03) — Question 918

A company needs to grant a team of developers access to the company's AWS resources. The company must maintain a high level of security for the resources.

The company requires an access control solution that will prevent unauthorized access to the sensitive data.

Which solution will meet these requirements?

Answer options

• A. Share the IAM user credentials for each development team member with the rest of the team to simplify access management and to streamline development workflows.
• B. Define IAM roles that have fine-grained permissions based on the principle of least privilege. Assign an IAM role to each developer.
• C. Create IAM access keys to grant programmatic access to AWS resources. Allow only developers to interact with AWS resources through API calls by using the access keys.
• D. Create an AWS Cognito user pool. Grant developers access to AWS resources by using the user pool.

Correct answer: B

Explanation

Implementing IAM roles with fine-grained permissions based on the principle of least privilege (Option B) ensures that developers only have the minimum necessary access to perform their jobs, minimizing the risk of unauthorized access. Sharing credentials (Option A) violates security best practices and compromises accountability, while relying solely on access keys (Option C) or Amazon Cognito user pools (Option D) does not inherently enforce least-privilege resource access control for internal developers.