Posted by: Pdfprep
Post Date: November 22, 2020
A Developer needs temporary access to resources in a second account.
What is the MOST secure way to achieve this?
A . Use the Amazon Cognito user pools to get short-lived credentials for the second account.
B . Create a dedicated IAM access key for the second account, and send it by mail.
C . Create a cross-account access role, and use sts:AssumeRoleAPI to get short-lived credentials.
D . Establish trust, and add an SSH key for the second account to the IAM user.
Answer: C
Explanation:
Reference: https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
Leave a Reply