AWS Certified SysOps Administrator – Associate (legacy) — Question 536

As part of a federated identity configuration, an IAM policy is created and attached to an IAM role.
Who is responsible for creating the IAM policy and attaching it to the IAM role, according to the shared responsibility model?

Answer options

• A. AWS is responsible for creating and attaching the IAM policy to the role.
• B. AWS is responsible for creating the role, and a SysOps Administrator is responsible for attaching the policy to the role.
• C. A SysOps Administrator is responsible for creating and attaching the IAM policy to the role.
• D. A SysOps Administrator is responsible for creating the role, and AWS is responsible for attaching the policy to the role.

Correct answer: C

Explanation

Under the AWS Shared Responsibility Model, AWS is responsible for security 'of' the cloud, while the customer is responsible for security 'in' the cloud, which includes Identity and Access Management (IAM). Consequently, configuring IAM policies and roles is entirely the customer's responsibility, meaning a SysOps Administrator must handle both creating the policy and attaching it to the role.