Design Secure Access to AWS Resources
In this task statement, you are expected to have knowledge of access controls and management across multiple AWS accounts, AWS federated access and identity services such as IAM and AWS IAM Identity Center, the AWS Global Infrastructure, and AWS security best practices such as the principle of least privilege and the shared responsibility model. In terms of skills, you should be able to apply AWS security best practices to IAM users and root users, including using multi-factor authentication (MFA). You should be able to design a flexible authorization model using IAM users, groups, roles, and policies, as well as a role-based access control (RBAC) strategy leveraging services such as AWS Security Token Service (STS), role switching, and cross-account access. You must also be able to design a security strategy for multiple AWS accounts, utilizing features such as AWS Control Tower and Service Control Policies (SCPs).
Finally, you should be...
