DVA-C02 · Question #405
DVA-C02 Question #405: Real Exam Question with Answer & Explanation
The correct answer is B: Configure permission sets in AWS IAM Identity Center to grant access to the accounts. Providing secure, centrally managed access to CodeCommit repositories across multiple AWS accounts for many developers is most efficiently handled using AWS IAM Identity Center permission sets.
Question
A company has a development team that uses AWS CodeCommit for version control. The development team has CodeCommit repositories in multiple AWS accounts. The team is expanding to include developers who work in various locations. The company must ensure that the developers have secure access to the repositories. Which solution will meet these requirements in the MOST operationally efficient way?
Options
- A. Configure IAM roles for each developer and grant access individually.
- B. Configure permission sets in AWS IAM Identity Center to grant access to the accounts.
- C. Share AWS access keys with the development team for direct repository access.
- D. Use public SSH keys for authentication to the CodeCommit repositories.
Explanation
Providing secure, centrally managed access to CodeCommit repositories across multiple AWS accounts for many developers is most efficiently handled using AWS IAM Identity Center permission sets.
Common mistakes.
- A. Configuring individual IAM roles per developer across multiple accounts requires significant manual effort and does not scale operationally as the team grows.
- C. Sharing AWS access keys is a critical security anti-pattern that violates least-privilege principles, lacks auditability per individual, and creates a credential management nightmare.
- D. SSH public key authentication to CodeCommit is valid but must be configured per-user per-account in IAM and lacks the centralized management and scalability of IAM Identity Center.
Concept tested. Centralized multi-account access with IAM Identity Center
Reference. https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html