AWS Certified SysOps Administrator Practice Exam

How can a multi-account strategy effectively manage the shared use of AWS resources?

• A. By duplicating resources in every account
• B. By centralizing user access in one account
• C. By implementing IAM roles and permissions
• D. By avoiding any shared resources across accounts

The correct answer is: By implementing IAM roles and permissions

Using a multi-account strategy to effectively manage shared use of AWS resources is significantly enhanced by implementing IAM roles and permissions. With AWS Identity and Access Management (IAM), organizations can create roles that define specific permissions, granting users or services access to resources across multiple accounts without needing to duplicate them. This approach allows for a centralized management of permissions while maintaining segregation and security between accounts. For instance, a user in one AWS account may need to access resources from another account. By utilizing IAM roles, the necessary permissions can be granted in a controlled manner, allowing users to assume roles from different accounts and gain the access required to perform their jobs. This reduces the complexity of managing multiple copies of the same resource and minimizes the risk of misconfiguration or security vulnerabilities that can arise from duplicating resources across accounts. In contrast to the other approaches, duplicating resources in every account can lead to inefficient use of resources and increased costs. Centralizing user access in one account could create a single point of failure and doesn't scale well across numerous accounts. Avoiding any shared resources across accounts entirely could limit collaboration and flexibility, making it difficult to utilize AWS services efficiently. Thus, IAM roles and permissions stand out as the most effective method for managing a multi-account architecture on AWS.