Hi Etienne,
Thank you for posting your question. I’ll do my best to provide an explanation on this item.
In an AWS environment, there are cases when one service has multiple administrators, or multiple users with read/write access in a team. As such, there are also definitely occasions wherein a team member will accidentally delete something, as part of a routine cleanup process, for example. If the team does not have adequate access control policies in place, or the team requires elevated permissions, then the best approach for this scenario is to enable MFA delete on objects that shouldn’t be deleted by anyone else but the owner. It is not necessarily about hijacking an IAM user, but rather a mere human error.
This is what I believe is the scenario of this item. We’ll also definitely review this item and see if we can improve the wording of it. I hope I was able to help sort out the confusion.
Regards,
Adrian Formaran @ Tutorials Dojo