Which of the following would meet all of these conditions:

An enterprise wants to use a third-party SaaS application. The SaaS application needs to have
access to issue several API commands to discover Amazon EC2 resources running within the
enterprise’s account. The enterprise has internal security policies that require that any outside access
to their environment conform to the principles of least privilege, and there must be controls
in place to ensure that the credentials used by the SaaS vendor cannot be used by any other
third party.

Which of the following would meet all of these conditions:

A.
Create an IAM role for cross-account access, allow the SaaS provider’s account to assume the
role, and assign it a policy that allows only the actions required by the SaaS application.

B.
From the AWS Management Console navigate to the Security Credentials page and retrieve the
access and secret key for your account.

C.
Create an IAM role for EC2 instances, assign it a policy that allows only the actions required for
the SaaS application to work, provide the role ARN to the SaaS provider to use when launching
their application instances.

D.
Create an IAM user within the enterprise account, assign a user policy to the IAM user that allows
only the actions required by the SaaS application, create a new access and secret key for the
user and provide these credentials to the SaaS provider.

Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html


