🔥 3-day streak
AWS Certified Security - Specialty126 / 184
Question 126 of 184
A security team wants to let application developers create IAM roles for their Lambda functions without opening a ticket, but must prevent developers from granting those roles more permissions than the developers themselves are allowed to use. The team creates a managed policy that defines the maximum allowable permissions and requires developers to attach it as a permission boundary to any role they create. However, developers are still able to create roles that omit the boundary entirely, gaining broader access. What is the MOST effective way to enforce that every role created by developers has the required permission boundary attached?
Reviewed for accuracy · Report an issueNext question