You are looking to migrate your Development (Dev) and Test environments to AWS. You
have decided to use separate AWS accounts to host each environment. You plan to link each
accounts bill to a Master AWS account using Consolidated Billing. To make sure you Keep
within budget you would like to implement a way for administrators in the Master account to
have access to stop, delete and/or terminate resources in both the Dev and Test accounts.
Identify which option will allow you to achieve this goal.
A.
Create IAM users in the Master account with full Admin permissions. Create cross-account roles
in the Dev and Test accounts that grant the Master account access to the resources in the
account by inheriting permissions from the Master account.
B.
Create IAM users and a cross-account role in the Master account that grants full Admin
permissions to the Dev and Test accounts.
C.
Create IAM users in the Master account
Create cross-account roles in the Dev and Test accounts that have full Admin permissions and
grant the Master account access.
D.
Link the accounts using Consolidated Billing. This will give IAM users in the Master account
access to resources in the Dev and Test accounts
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html
C.
Create role which have admin permission in the Dev and Test account, and grant that role for the Master account. Then, users in the Master account that have “AssumeRole” permission can switch to the role created in Dev and Test.
I opt for C