Multiple Choice
An enterprise wants to use a third-party SaaS application. The SaaS application needs to have access to issue several API commands to discover Amazon EC2 resources running within the enterprise's account The enterprise has internal security policies that require any outside access to their environment must conform to the principles of least privilege and there must be controls in place to ensure that the credentials used by the SaaS vendor cannot be used by any other third party. Which of the following would meet all of these conditions?
A) From the AWS Management Console, navigate to the Security Credentials page and retrieve the access and secret key for your account.
B) Create an IAM user within the enterprise account assign a user policy to the IAM user that allows only the actions required by the SaaS application create a new access and secret key for the user and provide these credentials to the SaaS provider.
C) Create an IAM role for cross-account access allows the SaaS provider's account to assume the role and assign it a policy that allows only the actions required by the SaaS application.
D) Create an IAM role for EC2 instances, assign it a policy that allows only the actions required tor the SaaS application to work, provide the role ARN to the SaaS provider to use when launching their application instances.
Correct Answer:
Verified
Correct Answer:
Verified
Q481: A company wants to migrate its website
Q482: An e-commerce company is revamping its IT
Q483: An ecommerce website running on AWS uses
Q484: A company with multiple accounts is currently
Q485: A company wants to migrate its on-premises
Q487: You are designing Internet connectivity for your
Q488: A Solutions Architect needs to design a
Q489: You are implementing a URL whitelisting system
Q490: How can you check the operational validity
Q491: You have deployed a three-tier web application