Question

Which of the following are best practices to secure your account using AWS Identity and Access Management (IAM)? (Choose two.)

Leave unused and unnecessary users and credentials in place.

Manage access to AWS resources.

Provide users with default administrative privileges.

Avoid using IAM groups to grant the same access permissions to multiple users.

Define fine-grained access

Answer 1

To secure an AWS account using IAM, you should manage access to AWS resources and define fine-grained access controls, rather than leaving unnecessary credentials or using default admin privileges.

Step-by-step explanation:

Best practices for securing your account using AWS Identity and Access Management (IAM) involve strategies to manage and minimize access risks. Among the options given, the two best practices are:

• Manage access to AWS resources.
• Define fine-grained access.

It is important to regularly review and ensure that only necessary users and credentials are in place, eliminating any that are unused or unnecessary. Also, rather than providing users with default administrative privileges, which can result in excessive permissions, fine-grained access control should be employed. This means granting users the least privilege necessary to perform their tasks.

Using IAM groups can be efficient and secure when looking to grant the same access permissions to multiple users. Groups simplify the process of managing permissions for multiple users with similar job functions or requirements.