🔥 3-day streak
AWS Certified DevOps Engineer - Professional176 / 204
Question 176 of 204

A company allows individual application teams to create their own IAM roles for Lambda functions and EC2 instances so they can move quickly. The security team is concerned that developers could create roles with more privileges than they themselves hold, effectively escalating privileges. The security team wants to let developers continue self-servicing IAM role creation, but guarantee that no role they create can ever exceed a defined maximum set of permissions, and that developers cannot bypass the control by editing or deleting it. Which approach BEST meets these requirements?

Reviewed for accuracy · Report an issueNext question