A company allows its developers to attach existing IAM policies to existing IAM roles to enable faster experimentation and agility.
However, the security operations team is concerned that the developers could attach the existing administrator policy, which would allow the developers to circumvent any other security policies.
How should a solutions architect address this issue?
A. Create an Amazon SNS topic to send an alert every time a developer creates a new policy
B. Use service control policies to disable IAM activity across all accounts in the organizational unit
C. Prevent the developers from attaching any policies and assign all IAM duties to the security operations team
D. Set an IAM permissions boundary on the developer IAM role that explicitly denies attaching the administrator policy
Answer: C
Explanation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html