🔥 3-day streak
AWS Certified Data Engineer - Associate63 / 159
Question 63 of 159

A financial services company allows senior data engineers to create IAM roles for their own Glue jobs and Lambda functions. The security team is concerned that engineers could create roles with broader permissions than intended (for example, granting full S3 or KMS access to production buckets). The team wants to guarantee that any role an engineer creates can never exceed a defined maximum set of permissions, regardless of the policies the engineer attaches. Which approach meets this requirement?

Reviewed for accuracy · Report an issueNext question