Question 358:
A company has 2 accounts- one is a development account, and the other is a production account. There are 20 people on the development account who now need various access levels provided to them on the production account. 10 of them need read-only access to all resources on the production account, 5 of them need read/write access to EC2 resources, and the remaining 5 only need read-only access to S3 buckets. Which of the following options would be the best way for both practical and security-wise to accomplish this task?
Answer options:
A.Create 3 roles in the production account with a different policy for each of the access levels needed. Add permissions to each IAM User in the development account to assume a role on the production account based on the type of access needed. B.Create 3 new users on the production account with the various levels of permissions needed. Give each of the 20 users the login for whichever one of the 3 users they need depending on the level of access required. C.Create encryption keys for each of the resources that need access and provide those keys to each user depending on the access required. D.Copy the 20 users IAM accounts from the development account to the production account. Then change the access levels for each user on the production account.