A third party auditor is being brought in to review security processes and configurations for all of a company's AWS accounts. Currently, the company does not use any on-premise identity provider. Instead, they rely on IAM accounts in each of their AWS accounts. The auditor needs read-only access to all AWS resources for each AWS account. Given the requirements, what is the best security method for architecting access for the security auditor?

• Create an IAM user for each AWS account with read-only permission policies for the auditor, and disable each account when the audit is complete
• Configure an on-premise AD server and enable SAML and identify federation for single sign-on to each AWS account
• Create an IAM role with read-only permissions to all AWS services in each AWS account. Create one auditor IAM account and add a permissions policy that allows the auditor to assume the ARN role for each AWS account that has an assigned role.
• Create a custom identity broker application that allows the auditor to use existing Amazon credentials to Log into the AWS environments