Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

$4 OFF AWS Security Specialty Practice Exams

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Professional Review Set 5 – excute IAM actions for supervisory role Reply To: Review Set 5 – excute IAM actions for supervisory role

  • Irene-TutorialsDojo

    Administrator
    August 19, 2024 at 9:10 am

    Hi AudreyST,

    Thank you for reaching out with your question. The primary focus of the question is to implement a policy restricting IAM actions to supervisory levels across all AWS accounts in your organization. While the scenario specifies a cloud manager who lacks access to all accounts, the main difficulty is enforcing IAM limitations for non-supervisory jobs across the corporation.

    AWS Service Control Policies (SCPs) are the preferred method to do this effectively. SCPs enable you to centrally manage and enforce permissions for all accounts in an AWS Organization. Applying a SCP at the root Organizational Unit (OU) level allows you to effectively block IAM actions to non-supervisory roles across the company.

    In summary, while the IAM permissions for the cloud manager are included in the scenario, the question’s main goal is to guide you toward using SCPs to build the appropriate policy for supervisory roles.

    Please let us know if you have any further questions or need additional assistance!

    Cheers,

    Irene @ Tutorials Dojo