A company has multiple child accounts that are part of an organization in AWS Organizations. The security team needs to review every Amazon EC2 security group and their inbound and outbound rules. The security team wants to programmatically retrieve this information from the child accounts using an AWS Lambda function in the master account of the organization. Which combination of access changes will meet these requirements? (Choose three.)
A) Create a trust relationship that allows users in the child accounts to assume the master account IAM role.
B) Create a trust relationship that allows users in the master account to assume the IAM roles of the child accounts.
C) Create an IAM role in each child account that has access to the AmazonEC2ReadOnlyAccess managed policy.
D) Create an IAM role in each child account to allow the sts:AssumeRole action against the master account IAM role's ARN.
E) Create an IAM role in the master account that allows the sts:AssumeRole action against the child account IAM role's ARN.
F) Create an IAM role in the master account that has access to the AmazonEC2ReadOnlyAccess managed policy.
Correct Answer:
Verified
Q486: A company uses federated access for its
Q487: A company has multiple development teams sharing
Q488: A company recently launched an application that
Q489: You have an application which consists of
Q490: A Development team wants to deploy an
Q492: A company is deploying a container-based application
Q493: An application running on multiple Amazon EC2
Q494: A company's legacy application uses IAM user
Q495: A company has an application deployed using
Q496: You have decided that you need to
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents