A large corporation is creating a multi-account strategy and needs to determine how its employees should access the AWS Infrastructure. Which of the following solutions would provide the MOST scalable solution?
A. Create dedicated IAM users within each AWS account that employees can assume through federation based upon group membership in their existing identity provider.
B. Use a centralized account with IAM roles that employees can assume through federation with their existing identity provider. Use cross-account roles to allow the federated users to assume their target role in the resource accounts.
C. Configure the AWS Security Token Service to use Kerberos tokens so that users can use their existing corporate user names and passwords to access AWS resources directly.
D. Configure the IAM trust policies within each account's role to set up a trust back to the corporation's existing identity provider, allowing users to assume the role based off their SAML token.