AWS Certified SysOps Administrator – Associate (legacy) — Question 236

An organization has created 50 IAM users. The organization has introduced a new policy which will change the access of an IAM user. How can the organization implement this effectively so that there is no need to apply the policy at the individual user level?

Answer options

• A. Use the IAM groups and add users as per their role to different groups and apply policy to group
• B. The user can create a policy and apply it to multiple users in a single go with the AWS CLI
• C. Add each user to the IAM role as per their organization role to achieve effective policy setup
• D. Use the IAM role and implement access at the role level

Correct answer: A

Explanation

The correct answer is A because using IAM groups allows for efficient management of permissions by applying a policy to a group rather than to each user individually. Options B and C do not streamline the policy application process as effectively as groups, and option D is incorrect as it doesn't address the need to manage multiple users' access collectively.