An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C.
What is the MOST secure way to allow the application to call AWS services in each audited account?
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys
What is the MOST secure way to allow the application to call AWS services in each audited account?
A. Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
B. Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
C. Deploy an application in each audited account with its own role. Have Account A authenticate with the application
D. Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys