An organization has two AWS accounts: Development and Production. A SysOps Administrator manages access of IAM users to both accounts. Some IAM users in Development should have access to certain resources in Production. How can this be accomplished?
A) Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
B) Create a group of IAM users in the Development account, and add Production account service ARNs as resources in the IAM policy.
C) Establish a federation between the two accounts using the on-premises Microsoft Active Directory, and allow the Development account to access the Production account through this federation.
D) Establish an Amazon Cognito Federated Identity between the two accounts, and allow the Development account to access the Production account through this federation.
Correct Answer:
Verified
Q625: A company currently has a single AWS
Q626: A SysOps Administrator is using AWS CloudFormation
Q627: A company website hosts patches for software
Q628: A mobile application must allow users to
Q629: A company must share monthly report files
Q631: A SysOps Administrator wants to automate the
Q632: An organization has hired an external firm
Q633: A photo-sharing site delivers content worldwide from
Q634: An existing, deployed solution uses Amazon EC2
Q635: A SysOps Administrator has an AWS Direct
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents