Multiple Choice
The Security team needs to provide a team of interns with an AWS environment so they can build a serverless video transcoding application. The project will use Amazon S3, AWS Lambda, Amazon API Gateway, Amazon Cognito, Amazon DynamoDB, and Amazon Elastic Transcoder. The interns should be able to create and configure the necessary resources, but they may not have access to create or modify AWS IAM roles. The Solutions Architect creates a policy and attaches it to the interns' group. How should the Security team configure the environment to ensure that the interns are self-sufficient?
A) Create a policy that allows creation of project-related resources only. Create roles with required service permissions, which are assumable by the services.
B) Create a policy that allows creation of all project-related resources, including roles that allow access only to specified resources.
C) Create roles with the required service permissions, which are assumable by the services. Have the interns create and use a bastion host to create the project resources in the project subnet only.
D) Create a policy that allows creation of project-related resources only. Require the interns to raise a request for roles to be created with the Security team. The interns will provide the requirements for the permissions to be set in the role.
Correct Answer:
Verified
Correct Answer:
Verified
Q143: A company wants to run a serverless
Q144: You set up your first Lambda function
Q145: An organization is trying to setup a
Q146: An organization has 4 people in the
Q147: You are developing a new mobile application
Q149: A web application is hosted in a
Q150: A user has created a VPC with
Q151: A company has released a new version
Q152: You are migrating a legacy client-server application
Q153: A company stores sales transaction data in