A company`s AWS account consists of approximately 300 IAM users. Now there is a mandate that an access change is required for 100 IAM users to have unlimited privileges to S3. As a system administrator, how can you implement this effectively so that there is no need to apply the policy at the individual user level?

Answer options:

A.Create a new role and add each user to the IAM role.
B.Use the IAM groups and add users, based upon their role, to different groups and apply the policy to the group.
C.Create a policy and apply it to multiple users using a JSON script.
D.Create an S3 bucket policy with unlimited access which includes each user`s AWS account ID.

Answer – B
Option A is incorrect since you don’t add a user to the IAM Role.
Option C is incorrect since you don’t assign multiple users to a policy.
Option D is incorrect since this is not an ideal approach.
An IAM group is used to manage users who need the same set of permissions collectively. By having groups, it becomes easier to manage permissions. So if you change the permissions on the group scale, it will affect all the users in that group.
For more information on IAM Groups, just browse to the below URL:
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_groups.html