Secure Architecture II

Prepare for the AWS Certified Solutions Architect Associate SAA-C03 certification exam by working through practice questions on IAM Identity Center, private subnets, AWS Direct Connect, AWS Site-to-Site VPN, IAM instance profiles, and KMS encryption, all focused on designing secure architectures.

Question 23

A developer in your organization needs specific permissions to manage DynamoDB operations, including creating, deleting, and updating tables, as well as scanning and querying the database. To enhance security and ensure that no long-term credentials are exposed, you decide to use a solution that provides temporary access. Additionally, you want to make sure the solution is easy to manage and scalable as more developers join the team.

Which approach will best meet these requirements?

A. Create an IAM user for each developer with policies attached for the required DynamoDB operations and enforce regular password changes.

B. Create a dedicated IAM role with policies for the required DynamoDB operations, then configure an identity provider (IAM Identity Center) to allow developers to assume this role and obtain temporary credentials.

C. Use AWS Secrets Manager to store and rotate credentials for DynamoDB, providing developers access to the secrets needed to perform their tasks.

D. Implement a combination of AWS Lambda and AWS Step Functions to automate the issuance of temporary credentials for developers to use with DynamoDB operations.

