AWS Certified Security Specialty Exam Questions

Question 265:

You are an AWS administrator at a company. You are in charge of creating IAM roles and allocating them to developers. Some permissions in these IAM roles may no longer be required after some time. You want to use a Lambda function to check each IAM role, and if a certain service has not been accessed for more than 60 days, you should get a notification. You can then revise the IAM role so that it has suitable permissions. Which of the following methods can achieve the requirement?

Answer options:

A. Create a Lambda function to get the IAM access data using the AWS Config APIs. Send an SNS notification if the AWS Config timeline shows that a service is not used for more than 60 days.
B. Run a Lambda function to get the IAM execution report every day. Analyze the report and pick up the services that are not used for over 60 days. Notify the team through an SNS notification.
C. Create a Lambda function to get the last accessed details using the IAM access advisor APIs. Send an SNS notification if a permitted service is not accessed for more than 60 days.
D. Execute a Lambda function that gets the IAM insights through the IAM get-insight API. Send the team an SNS notification if a service is permitted but not used for more than 60 days.