A solutions architect is designing an AWS Identity and Access Management (IAM) authorization model for a company's AWS account. The company has designated five specific employees to have full access to AWS services and resources in the AWS account. The solutions architect has created an IAM user for each of the five designated employees and has created an IAM user group. Which solution will meet these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Attach the AdministratorAccess identity-based policy to the IAM user group. Place each of the five designated employee IAM users in the IAM user group..
Why this is the answer
The correct solution is to attach the AdministratorAccess identity-based policy to the IAM user group and place the five employee IAM users in that group. AdministratorAccess is an AWS managed policy that grants full access to AWS services and resources, fulfilling the requirement for "full access." Identity-based policies are attached to IAM identities (users, groups, or roles) and define what those identities can do. Resource-based policies are attached to resources and specify who has access to that resource and what actions they can perform. SystemAdministrator is not a standard AWS managed policy. Therefore, using an identity-based policy like AdministratorAccess on a user group is the most appropriate and secure way to manage permissions for multiple users needing the same level of access.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed