SEARCH
You are in browse mode. You must login to use MEMORY

   Log in to start


From course:

AWS Solution Architect

» Start this Course
(Practice similar questions for free)
Question:

A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies. A solutions architect needs to allow an IAM user in Account A to assume a role in Account B. Which combination of steps must the solutions architect take to meet this requirement? (Choose three.) A. Configure the SCP for Account A to allow the action. B. Configure the resource-based policies to allow the action. C. Configure the identity-based policy on the user in Account A to allow the action. D. Configure the identity-based policy on the user in Account B to allow the action. E. Configure the trust policy on the target role in Account B to allow the action. F. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.

Author: Jorge Soroce



Answer:

Configure the SCP for Account A to allow the action. Configure the identity-based policy on the user in Account A to allow the action. Configure the trust policy on the target role in Account B to allow the action.


0 / 5  (0 ratings)

1 answer(s) in total