A company builds an application that handles sensitive customer data using Amazon RDS, Amazon S3, and S3 Event Notifications that invoke AWS Lambda. The company uses AWS IAM Identity Center to manage user credentials. Development, testing, and operations teams need secure access to Amazon RDS and Amazon S3, following least privilege. Which solution meets these requirements with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Enable IAM Identity Center with an Identity Center directory. Create and configure permission sets with granular access to Amazon RDS and Amazon S3. Assign all the teams to groups that have specific access with the permission sets..
Why this is the answer
The correct solution leverages IAM Identity Center, which is designed for centralized access management across multiple AWS accounts and applications. By creating permission sets with granular access to Amazon RDS and Amazon S3 and assigning them to groups, the company can efficiently manage access for all teams with least privilege and minimal operational overhead. Using IAM roles directly for all teams (option 1) is a valid approach but less centralized and scalable than IAM Identity Center, leading to higher operational overhead for managing roles across multiple teams and resources. Creating individual IAM users (option 3) is not recommended as it increases management complexity and goes against best practices for centralized identity management. Using separate AWS accounts for each team with AWS Organizations (option 4) adds significant operational overhead due to managing multiple accounts and cross-account roles, which is overkill for simply managing access to RDS and S3 within the same environment.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed