AWS Certified Solutions Architect – Professional SAP-C01 – Question107

Within the IAM service a GROUP is regarded as a:

A.
A collection of AWS accounts
B. It's the group of EC2 machines that gain the permissions specified in the GROUP.
C. There's no GROUP in IAM, but only USERS and RESOURCES.
D. A collection of users.

Correct Answer: D

Explanation:

Explanation: Use groups to assign permissions to IAM users Instead of defining permissions for individual IAM users, it’s usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.), define the relevant permissions for each group, and then assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to. Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html…