SAP-C02 Study Assistant

SAP-C02 Question 309

S3 IAM Organizations Config

Question

A company is using AWS Organizations with a multi-account architecture. The company's current security configuration for the account architecture includes SCPs, resource-based policies, identity-based policies, trust policies, and session policies. A solutions architect needs to allow an IAM user in Account A to assume a role in Account B. Which combination of steps must the solutions architect take to meet this requirement? (Choose three.)

Options

A. Configure the SCP for Account A to allow the action.

B. Configure the resource-based policies to allow the action.

C. Configure the identity-based policy on the user in Account A to allow the action.

D. Configure the identity-based policy on the user in Account B to allow the action.

E. Configure the trust policy on the target role in Account B to allow the action.

F. Configure the session policy to allow the action and to be passed programmatically by the GetSessionToken API operation.

Answer

ACE

Explanation

Correct answer: ACE

Key requirements: security, AWS Organizations governance, SCP restrictions.

Core services: S3, IAM, Organizations, Config.

Correct option: A. Configure the SCP for Account A to allow the ...
