An organization has created 50 IAM users. The organization has introduced a new policy which will change the
access of an IAM user. How can the organization implement this effectively so that there is no need to apply
the policy at the individual user level?
A.
Use the IAM groups and add users as per their role to different groups and apply policy to group
B.
The user can create a policy and apply it to multiple users in a single go with the AWS CLI
C.
Add each user to the IAM role as per their organization role to achieve effective policy setup
D.
Use the IAM role and implement access at the role level
Explanation:
With AWS IAM, a group is a collection of IAM users. A group allows the user to specify permissions for a
collection of users, which can make it easier to manage the permissions for those users. A group helps an
organization manage access in a better way; instead of applying at the individual level, the organization can
apply at the group level which is applicable to all the users who are a part of that group.
Frank, Seth, Tom, please advice. as per my little knowledge it can be C
http://docs.aws.amazon.com/IAM/latest/UserGuide/id.html
A.
Use the IAM groups and add users as per their role to different groups and apply policy to group
An IAM group is a collection of IAM users. You can use groups to specify permissions for a collection of users, which can make those permissions easier to manage for those users.
Agree with A. Groups for Users.
IAM Roles are for other resources, such as EC2 instances.
A
a
A
C
A