🔥 3-day streak
AWS Certified Solutions Architect - Professional77 / 186
Question 77 of 186
A large enterprise uses AWS IAM Identity Center federated with an external corporate identity provider. The company has 300 AWS accounts organized by business unit and project. As teams grow, the security team is overwhelmed by creating and maintaining separate permission sets for every combination of business unit and project. They want engineers to only access resources tagged with their own business unit, without creating hundreds of unique permission sets. Which approach best meets this requirement with the least ongoing administrative overhead?
Reviewed for accuracy · Report an issueNext question