A company's AWS account consists of approximately 300 IAM users.
Now there is a mandate that an access change is required for 100 IAM users to have unlimited privileges to S3
As a system administrator, how can you implement this effectively so that there is no need to apply the policy at the individual user level?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - B.
Option A is incorrect since you don't add a user to the IAM Role.
Option C is incorrect since you don't assign multiple users to a policy.
Option D is incorrect since this is not an ideal approach.
An IAM group is used to manage users who need the same set of permissions collectively.
By having groups, it becomes easier to manage permissions.
So if you change the permissions on the group scale, it will affect all the users in that group.
For more information on IAM Groups, just browse to the below URL:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.htmlThe most effective way to implement the access change for 100 IAM users to have unlimited privileges to S3, without applying the policy at the individual user level, is to use IAM groups and apply the policy to the group. Therefore, answer option B is the correct answer.
Here's a more detailed explanation:
IAM groups are a way to group users with similar roles or responsibilities and apply policies to them as a group. This simplifies the management of permissions and access control, as changes can be made to the group and all members will inherit the changes.
To implement the access change for 100 IAM users to have unlimited privileges to S3 using IAM groups, you would follow these steps:
Create an IAM group: Create a new IAM group and give it a descriptive name, such as "S3-Unlimited-Access-Group".
Add users to the group: Add the 100 IAM users that require unlimited access to S3 to the new group.
Create an S3 policy: Create an S3 policy that grants unlimited access to the required resources. You can create the policy using the AWS Management Console, AWS CLI, or API.
Apply the policy to the group: Once the policy has been created, apply it to the newly created IAM group by attaching it to the group. This can be done using the AWS Management Console, AWS CLI, or API.
By applying the policy to the IAM group, you ensure that all members of the group inherit the same permissions without having to apply the policy at the individual user level. This makes the management of permissions much simpler and easier to maintain in the long run.
Option A is not the best answer because it involves creating a role for each user, which would result in a lot of administrative overhead and a more complex management process.
Option C is not the best answer because although you can apply a policy to multiple users using a JSON script, this would still require you to specify each user in the script, which defeats the purpose of avoiding individual user level changes.
Option D is not the best answer because creating an S3 bucket policy with unlimited access for each user's AWS account ID would be highly risky, as it would allow any user with that account ID unrestricted access to the bucket.