Results

23 votes

A third-party auditor is being brought in to review security processes and configurations for all of a company's AWS accounts. Currently, the company does not use any on-premises identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. The auditor needs read-only access to all AWS resources for each AWS account. Given the requirements, what is the best security method for architecting access for the security auditor?
    Create an IAM user for each AWS account with read-only permission policies for the auditor, and disable each account when the audit is complete 8.7% (2 votes)
    Configure an on-premises AD server and enable SAML and identity federation for single sign-on to each AWS account 0.0% (0 votes)
    Create an IAM role with read-only permissions to all AWS services in each AWS account. Create one auditor IAM account and add a permissions policy that allows the auditor to assume the ARN role for each AWS account that has an assigned role. 87.0% (20 votes)
    Create a custom identity broker application that allows the auditor to use existing Amazon credentials to log into the AWS environments 4.3% (1 vote)