An organization has two AWS accounts: Development and Production. A SysOps Administrator manages access of IAM users to both accounts. Some IAM users in Development should have access to certain resources in Production. How can this be accomplished?
A.
Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
B.
Create a group of IAM users in the Development account, and add Production account service ARNs as resources in the IAM policy.
C.
Establish a federation between the two accounts using the on-premises Microsoft Active Directory, and allow the Development account to access the Production account through this federation.
D.
Establish an Amazon Cognito Federated Identity between the two accounts, and allow the Development account to access the Production account through this federation.
By creating an IAM role in the Production account and establishing trust with the Development account, you can define permissions for the IAM role that allow access to specific resources in the Production account. IAM users in the Development account can then assume this IAM role to access the allowed resources.
A. Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
saumenP
Highly Voted 2 years, 7 months agoalbert_kuo
Most Recent 10 months agoRicardoD
2 years, 6 months agoHVarada
2 years, 6 months agoabhishek_m_86
2 years, 6 months agoarpana_03
2 years, 6 months agojackdryan
2 years, 6 months agoprofessor
2 years, 7 months ago