🔥 3-day streak
AWS Certified Security - Specialty103 / 157
Question 103 of 157

A security team wants to let application developers create and manage IAM roles for their own workloads without being able to grant those roles more permissions than the developers themselves are allowed. Developers currently have an identity policy that allows iam:CreateRole, iam:AttachRolePolicy, and iam:PutRolePolicy. The security team is concerned developers could create a role with AdministratorAccess and then assume it to escalate privileges. Which approach enforces this restriction with least operational overhead?

Reviewed for accuracy · Report an issueNext question