ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer - Associate DVA-C02 All Questions

View all questions & answers for the AWS Certified Developer - Associate DVA-C02 exam
Go to Exam

Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 349 discussion

Exam question from Amazon's AWS Certified Developer - Associate DVA-C02
Question #: 349
Topic #: 1
[All AWS Certified Developer - Associate DVA-C02 Questions]

A developer needs temporary access to resources in a second account.

What is the MOST secure way to achieve this?

  • A. Use the Amazon Cognito user pools to get short-lived credentials for the second account.
  • B. Create a dedicated IAM access key for the second account, and send it by mail.
  • C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials.
  • D. Establish trust, and add an SSH key for the second account to the IAM user.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by trungtd at April 5, 2024, 8:46 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
65703c1
5 months, 1 week ago
Selected Answer: C
C is the correct answer.
upvoted 1 times
...
608064a
5 months, 2 weeks ago
Selected Answer: C
C. Create a cross-account access role, and use sts:AssumeRole API to get short-lived credentials. This method provides temporary, limited access to the necessary resources in the second account without sharing long-term credentials, ensuring security and adherence to best practices.
upvoted 4 times
...
trungtd
7 months ago
Selected Answer: C
Here's how it works: 1. Create an IAM Role in the Second Account: The administrator of the second account creates an IAM role and attaches policies that grant permissions to the resources that the developer needs to access. The trust policy of the role allows the first account (the developer's account) to assume this role. 2. Assume the IAM Role: The developer in the first account can then call the sts:AssumeRole API operation, passing the ARN of the role to assume in the second account. If the request is successful, the response includes temporary security credentials that the developer can use to access resources in the second account.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago