🔥 3-day streak
AWS Certified Security - Specialty74 / 184
Question 74 of 184

A company uses AWS IAM Identity Center (successor to AWS SSO) with an external SAML 2.0 identity provider. Workforce users are assigned to multiple AWS accounts through permission sets. The security team wants to grant each user access only to EC2 instances tagged with their department, without creating a separate permission set per department, and without editing policies whenever a new department is added. Which approach best achieves this at scale?

Reviewed for accuracy · Report an issueNext question