An organization has two AWS accounts: Development and Production. A SysOps Administrator manages access of IAM users to both accounts. Some IAM users in Development should have access to certain resources in Production.
How can this be accomplished?
A. Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
B. Create a group of IAM users in the Development account, and add Production account service ARNs as resources in the IAM policy.
C. Establish a federation between the two accounts using the on-premises Microsoft Active Directory, and allow the Development account to access the Production account through this federation.
D. Establish an Amazon Cognito Federated Identity between the two accounts, and allow the Development account to access the Production account through this federation.
How can this be accomplished?
A. Create an IAM role in the Production account with the Development account as a trusted entity and then allow those users from the Development account to assume the Production account IAM role.
B. Create a group of IAM users in the Development account, and add Production account service ARNs as resources in the IAM policy.
C. Establish a federation between the two accounts using the on-premises Microsoft Active Directory, and allow the Development account to access the Production account through this federation.
D. Establish an Amazon Cognito Federated Identity between the two accounts, and allow the Development account to access the Production account through this federation.