You are managing the AWS account of a big organization. The organization has more than 1000+
employees and they want to provide access to the various services to most of the employees.
Which of the below mentioned options is the best possible solution in this case?
A.
The user should create a separate IAM user for each employee and provide access to them as
per
the policy
B.
The user should create an IAM role and attach STS with the role. The user should attach that
role to
the EC2 instance and setup AWS authentication on that server
C.
The user should create IAM groups as per the organization’s departments and add each user to
the
group for better access control
D.
Attach an IAM role with the organization’s authentication service to authorize each user for
various
AWS services
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage
users and user permissions for various AWS services. The user is managing an AWS account for
an organization that already has an identity system, such as the login system for the corporate
network (SSO.. In this case, instead of creating individual IAM users or groups for each user who
need AWS access, it may be more practical to use a proxy server to translate the user identities
from the organization network into the temporary AWS security credentials. This proxy server will
attach an IAM role to the user after authentication.
D
D