IAM Quiz
You have contacted an AWS partner to carry out an audit of your AWS account. You need to ensure that the partner can carry out an audit on your resources. Which one of the following steps would you ideally carry out?
A. Create an IAM user for the partner account for login purposes
B. Create a cross account IAM Role
C. Create an IAM group for the partner account for login purposes
D. Create an IAM profile for the partner account for login purposes
B. Create a cross account IAM Role.
The AWS Documentation mentions the following:
Cross-account IAM roles allow customers to securely grant access to AWS resources in their account to a third party, like an APN Partner, while retaining the ability to control and audit who is accessing their AWS account. Cross-account roles reduce the amount of sensitive information APN Partners need to store for their customers, so that they can focus on their product instead of managing keys. In this blog post, I explain some of the risks of sharing IAM keys, how you can implement cross-account IAM roles, and how cross-account IAM roles mitigate risks for customers and for APN Partners, particularly those who are software as a service (SaaS) providers.
Because this is clearly mentioned in the AWS Documentation, all other options are invalid.
For more information on cross account roles, please refer to the URL below:
https://aws.amazon.com/blogs/apn/securely-accessing-customer-aws-accounts-with-cross-account-iam-roles/