A company has multiple accounts in the AWS Cloud. Users in the developer account need to have access to specific resources in the production account.
What is the MOST secure way to provide this access?
A.
Create one IAM user in the production account. Grant the appropriate permissions to the resources that are needed. Share the password only with the users that need access.
B.
Create cross-account access with an IAM role in the developer account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.
C.
Create cross-account access with an IAM user account in the production account. Grant the appropriate permissions to this user account. Allow users in the developer account to use this user account to access the production resources.
D.
Create cross-account access with an IAM role in the production account. Grant the appropriate permissions to this role. Allow users in the developer account to assume this role to access the production resources.
D, create role on destination account, grant access to the rol, permit developer user assume permisions
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
The IAM role should be created where the resource is located. In this particular case, users from the developer account need access to the production resource. Therefore, the cross account with the IAM role should be assigned to the production account. D
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Isaias
Highly Voted 2 years, 5 months agoToptip
Most Recent 1 year, 11 months agoITGURU51
2 years agotainh
2 years, 5 months agoD2
2 years, 5 months agosecdaddy
2 years, 4 months agoShriraj32
2 years, 5 months ago