A company is preparing to give AWS Management Console access to developers. Company policy mandates
identity federation and role-based access control. Roles are currently assigned using groups in the corporate
Active Directory. What combination of the following will give developers access to the AWS console? (Select 2)
Choose 2 answers
A. AWS Directory Service AD Connector
B. AWS Directory Service Simple AD
C. AWS Identity and Access Management groups
D. AWS Identity and Access Management roles
E. AWS Identity and Access Management users
A and C
A and D
it looks like only D is true??
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml.html
I choose AC
A and D. 99.99%
https://blogs.aws.amazon.com/security/post/Tx2PC3QQDXJKASD/How-to-Connect-Your-On-Premises-Active-Directory-to-AWS-Using-AD-Connector
A and D
I also say it's A & D
Question clearly says “Company policy mandates identity federation and role-based access control. Roles are currently assigned using groups in the corporate Active Directory”, hence we have to use IAM Roles in this case instead of IAM Group or IAM Users.
True…Role based access control is enforced. So A and D.
A and D, also AssumeRoleWithSAML is assumed or called for temporary access credentials
http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithSAML.html
AD
AD
AD
AD
https://aws.amazon.com/blogs/security/how-to-connect-your-on-premises-active-directory-to-aws-using-ad-connector/
Assign users to roles
Now that AD Connector is configured and you’ve created a role, your next job is to assign users or groups to those IAM roles
Answer
AD –
AD
Roles are currently assigned using groups in the corporate Active Directory.
AC