A company is preparing to give AWS Management Console access to developers Company policy mandates identity federation and role-based access control.
Roles are currently assigned using groups in the corporate Active Directory. What combination of the following will give developers access to the AWS console?
(Select 2) Choose 2 answers
A. AWS Directory Service AD Connector
B. AWS Directory Service Simple AD
C. AWS Identity and Access Management groups
D. AWS identity and Access Management roles
E. AWS identity and Access Management users
This will be A and C. IAM Roles are used when an AWS service or process needs certain timebound permission to act on someone’s behalf, not for users to log into the AWS console. In this case, the developers are already added to AD groups, so the AD Connector will simply validate the existence of the user in the AD group.
I think it is still Role and not Group.
https://aws.amazon.com/blogs/security/how-to-access-the-aws-management-console-using-aws-microsoft-ad-and-your-on-premises-credentials/