DVA-C02 · Question #405
A company has a development team that uses AWS CodeCommit for version control. The development team has CodeCommit repositories in multiple AWS accounts. The team is expanding to include developers wh
The correct answer is B. Configure permission sets in AWS IAM Identity Center to grant access to the accounts.. Providing secure, centrally managed access to CodeCommit repositories across multiple AWS accounts for many developers is most efficiently handled using AWS IAM Identity Center permission sets.
Question
A company has a development team that uses AWS CodeCommit for version control. The development team has CodeCommit repositories in multiple AWS accounts. The team is expanding to include developers who work in various locations. The company must ensure that the developers have secure access to the repositories. Which solution will meet these requirements in the MOST operationally efficient way?
Options
- AConfigure IAM roles for each developer and grant access individually.
- BConfigure permission sets in AWS IAM Identity Center to grant access to the accounts.
- CShare AWS access keys with the development team for direct repository access.
- DUse public SSH keys for authentication to the CodeCommit repositories.
How the community answered
(32 responses)- A6% (2)
- B59% (19)
- C13% (4)
- D22% (7)
Why each option
Providing secure, centrally managed access to CodeCommit repositories across multiple AWS accounts for many developers is most efficiently handled using AWS IAM Identity Center permission sets.
Configuring individual IAM roles per developer across multiple accounts requires significant manual effort and does not scale operationally as the team grows.
AWS IAM Identity Center (formerly SSO) allows administrators to define permission sets once and assign them to multiple accounts and developer groups from a central location. Developers authenticate through a single portal, and access is managed consistently without manually creating IAM roles in each account.
Sharing AWS access keys is a critical security anti-pattern that violates least-privilege principles, lacks auditability per individual, and creates a credential management nightmare.
SSH public key authentication to CodeCommit is valid but must be configured per-user per-account in IAM and lacks the centralized management and scalability of IAM Identity Center.
Concept tested: Centralized multi-account access with IAM Identity Center
Source: https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html
Community Discussion
No community discussion yet for this question.