Q53 — AWS DVA-C02 Ch.2
Question 53 of 100 | ← Chapter 2
A company has a development team using AWS CodeCommit for version control. The team has a CodeCommit repository in a single AWS account. The team is expanding to include developers working from different locations. The company must ensure developers can securely access these repositories. Which solution meets these requirements in the most operationally efficient way?
- A. Configure an IAM role for each developer and grant access individually.
- B. Configure permission sets in AWS IAM Identity Center to grant access to the account. ✓
- C. Share AWS access keys with the development team for direct repository access.
- D. Use public SSH keys for authentication to CodeCommit repositories.
Correct Answer: B. Configure permission sets in AWS IAM Identity Center to grant access to the account.
Explanation
Option A—configuring individual IAM roles per developer—enables access control but is operationally complex and difficult to scale, especially as team size and account count grow. Option B—configuring permission sets in AWS IAM Identity Center (formerly AWS SSO)—is the most operationally efficient approach. IAM Identity Center centralizes user and permission management, simplifying cross-account access control. Developers authenticate through a unified identity system, enhancing both security and manageability. Option C—sharing AWS access keys—is insecure, increases audit and revocation complexity, and violates security best practices. Option D—using SSH keys—provides secure CodeCommit access but does not address multi-account access governance or integration with centralized permission management. Therefore, Option B is optimal, delivering scalable, centralized, and secure access management. 【Lantern Certification provided by: swufelp1999】