AWS Certified SysOps Administrator – Associate — Question 465

A SysOps administrator wants to provide access to AWS services by attaching an IAM policy to multiple IAM users. The SysOps administrator also wants to be able to change the policy and create new versions.
Which combination of actions will meet these requirements? (Choose two.)

Answer options

• A. Add the users to an IAM service-linked role. Attach the policy to the role.
• B. Add the users to an IAM user group. Attach the policy to the group.
• C. Create an AWS managed policy.
• D. Create a customer managed policy.
• E. Create an inline policy.

Correct answer: B, D

Explanation

To assign policies to multiple users efficiently, it is best practice to place them in an IAM user group and attach the policy to the group. To allow editing and versioning of the policy, a customer managed policy must be used, as AWS managed policies cannot be modified by customers and inline policies do not support versioning.