Practice free →
HomeAWS Developer Associatecloudcomputingawsdevsecurity › Which IAM feature lets a developer's IAM role te…

Which IAM feature lets a developer's IAM role temporarily "impersonate" a service-account-like role in a different AWS account, scoped to a specific session policy?

AStatically copy the target account's root credentials
BMake every IAM user the AWS account root
CDisable cross-account IAM
DAWS Security Token Service (STS) AssumeRole with an attached session policy
Answer & Solution
Correct answer: D. AWS Security Token Service (STS) AssumeRole with an attached session policy
STS AssumeRole + an inline session policy lets a principal assume a target role for a bounded window with further-restricted permissions. The other options are credential-theft anti-patterns.
Solve this in the app — AWS Developer Associate practice & 24k+ MCQs →
Related questions