Q40 — AWS DVA-C02 Ch.1
A developer needs temporary access to resources in a second AWS account. What is the most secure approach?
- A. Use an Amazon Cognito user pool to obtain short-term credentials for the second account.
- B. Create a dedicated IAM access key for the second account and email it.
- C. Create a cross-account access role and use the sts:AssumeRole API to obtain short-term credentials. ✓
- D. Establish a trust relationship and add the second account’s SSH key to the IAM user.
Correct Answer: C. Create a cross-account access role and use the sts:AssumeRole API to obtain short-term credentials.
Explanation
The most secure method is to create a cross-account access role and use the sts:AssumeRole API to obtain temporary credentials. This lets users or roles in the first account assume a role in the second account and receive time-limited credentials for its resources, without sharing long-term credentials or keys. Because the credentials are temporary and expire automatically, this approach minimizes potential security risks. 【Lantern Certification provided by: swufelp1999】