DVA-C02 Question #636: Real Exam Question with Answer & Explanation

Question

A developer uses AWS IAM Identity Center to interact with the AWS CLI and AWS SDKs on a local workstation. API calls to AWS services were working when the SSO access was first configured. However, the developer is now receiving Access Denied errors. The developer has not changed any configuration files or scripts that were previously working on the workstation. What is the MOST likely cause of the developer's access issue?

Options

• AThe access permissions to the developer's AWS CLI binary file have changed.
• BThe permission set that is assumed by IAM Identity Center does not have the necessary
• CThe credentials from the IAM Identity Center federated role have expired.
• DThe developer is attempting to make API calls to the incorrect AWS account.

Explanation

IAM Identity Center credentials are temporary and expire after a configured session duration; the developer must re-authenticate with 'aws sso login' to refresh them.

Common mistakes.

• A. File permission changes on the CLI binary would prevent the CLI from executing at all rather than producing AWS API-level Access Denied responses.
• B. Permission sets configured by administrators do not change automatically; if permissions were sufficient before and no administrator made changes, this is not the cause of a sudden failure.
• D. Calling the wrong AWS account would be a configuration error present from the beginning of setup, not something that spontaneously appears after previously working correctly.

Concept tested. IAM Identity Center SSO credential expiration and refresh

Reference. https://docs.aws.amazon.com/cli/latest/userguide/sso-configure-profile-token.html

No community discussion yet for this question.