Question #1152
A company needs to categorize its users into logical units to efficiently apply access policies across multiple accounts. Which AWS service or feature should be used to achieve this?
Security groups
AWS Identity and Access Management (IAM)
Resource groups
AWS Security Hub
Explanation
The correct answer is B (AWS IAM) because:
- IAM Groups allow organizing users into logical units and attaching policies to grant permissions collectively, ensuring efficient policy management.
- Security Groups (A) control network traffic for resources like EC2 instances, not user access policies.
- Resource Groups (C) organize AWS resources (e.g., EC2, S3), not users or access policies.
- AWS Security Hub (D) aggregates security findings but does not manage user access.
Key Points:
- IAM Groups simplify policy application by grouping users with similar access needs.
- Cross-account access can be achieved via IAM roles or AWS Organizations, but user grouping is inherently an IAM feature.
- Security Groups and Resource Groups are resource-centric, not user-centric.
Answer
The correct answer is: B