🔥 3-day streak
AWS Certified Security - Specialty58 / 157
Question 58 of 157
A company uses AWS IAM Identity Center (successor to AWS SSO) to manage workforce access across 40 accounts in an organization. The security team wants developers in the 'AppDev' group to receive identical read/write permissions to a specific set of DynamoDB tables in every account, but the exact table ARNs differ per account because they include the account ID. Administrators must be able to update the permission logic in one place and have it propagate to all assigned accounts automatically. Which approach BEST meets these requirements?
Reviewed for accuracy · Report an issueNext question