A company has a multi-account AWS environment that includes the following:
A central identity account that contains all IAM users and groups
Several member accounts that contain IAM roles
A SysOp administrator must grant permissions for a particular IAM group to assume o role in one of the member accounts
How should the SysOps administrator accomplish this task?
A . In the member account, add sts: AssumeRole permissions to the role’s policy. In the identity account, add a trusted policy to the group that specifies the account number of the member account.
B . In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account, add an inline policy to the group with sts: AssumeRole permissions.
C . In the member account, add the group Amazon Resource Name (ARN) to the role’s trust policy. In the identity account. Add an inline policy to the group with sts: PassRole permission.
D . In the member account, add the group Amazon Resource Name (ARN) to the role’s inline policy. In the identity account, add a trust policy to the group with sts:AssumeRole permissions.
Answer: A