Secure Architecture II
Explore secure AWS architecture design focusing on temporary access management, encryption, compliance requirements, and resilient connectivity. Understand best practices for handling permissions, data security, and failover to build compliant and manageable cloud solutions.
Question 23
A developer in your organization needs specific permissions to manage DynamoDB operations, including creating, deleting, and updating tables, as well as scanning and querying the database. To enhance security and ensure that no long-term credentials are exposed, you decide to use a solution that provides temporary access. Additionally, you want to make sure the solution is easy to manage and scalable as more developers join the team.
Which approach will best meet these requirements?
A. Create an IAM user for each developer with policies attached for the required DynamoDB operations and enforce regular password changes.
B. Create a dedicated IAM role with policies for the required DynamoDB operations, then configure an identity provider (IAM Identity Center) to allow developers to assume this role and obtain temporary credentials.
C. Use AWS Secrets Manager to store and rotate credentials for DynamoDB, providing developers access to the secrets needed to perform their ...