How should the SysOps administrator accomplish this task?

Posted by: Pdfprep Category: SOA-C01 Tags: , , Post Date: February 17, 2021

A company has a multi-account AWS environment that includes the following:

A central identity account that contains all IAM users and groups

Several member accounts that contain IAM roles

A SysOp administrator must grant permissions for a particular IAM group to assume o role in one of the member accounts

How should the SysOps administrator accomplish this task?
A . In the member account, add sts: AssumeRole permissions to the role’s policy. In the identity account, add a trusted policy to the group that specifies the account number of the member account.
B . In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account, add an inline policy to the group with sts: AssumeRole permissions.
C . In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account. Add an inline policy to the group with sts: PassRole permission.
D . In the member account, add the group Amazon Resource Name (ARN) to the role’s inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.

Answer: A

Author

Leave a Reply

Your email address will not be published.