Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Discussions
  1. Home
  2. Discussions
  3. Amazon Web Services
  4. AWS Solutions Architect Associate
  5. SAA-C03 Discussions
  6. SAA-C03 Exam Topic 26 Question 249 Discussion
 Amazon Web Services Discussions
Exam SAA-C03 All Questions
Exam SAA-C03 All Questions

View all questions & answers for the SAA-C03 exam

Go to Exam

Amazon Web Services AWS Solutions Architect Associate SAA-C03 Question # 249 Topic 26 Discussion

SAA-C03 Exam Topic 26 Question 249 Discussion:
Question #: 249
Topic #: 26

A company runs an infrastructure monitoring service. The company is building a new feature that will enable the service to monitor data in customer AWS accounts. The new feature will call AWS APIs in customer accounts to describe Amazon EC2 instances and read Amazon CloudWatch metrics.

What should the company do to obtain access to customer accounts in the MOST secure way?
A.

Ensure that the customers create an IAM role in their account with read-only EC2 and CloudWatch permissions and a trust policy to the company's account.

B.

Create a serverless API that implements a token vending machine to provide temporary AWS credentials for a role with read-only EC2 and CloudWatch permissions.

C.

Ensure that the customers create an IAM user in their account with read-only EC2 and CloudWatch permissions. Encrypt and store customer access and secret keys in a secrets management system.

D.

Ensure that the customers create an Amazon Cognito user in their account to use an IAM role with read-only EC2 and CloudWatch permissions. Encrypt and store the Amazon Cognito user and password in a secrets management system.

Get Premium SAA-C03 Questions
Actual exam question for Amazon Web Services SAA-C03 exam by Nova7286 at May 3, 2026, 12:06:24 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit