Home / Amazon / CLF-C01 / Question 92

How would an AWS customer easily apply common access controls to a large set of users?

• A. Apply an IAM policy to an IAM group.

• B. Apply an IAM policy to an IAM role.

• C. Apply the same IAM policy to all IAM users with access to the same workload.

• D. Apply an IAM policy to an Amazon Cognito user pool.

Instead of defining permissions for individual IAM users, it's usually more convenient to create groups that relate to job functions (administrators, developers, accounting, etc.). Next, define the relevant permissions for each group. Finally, assign IAM users to those groups. All the users in an IAM group inherit the permissions assigned to the group. That way, you can make changes for everyone in a group in just one place. As people move around in your company, you can simply change what IAM group their IAM user belongs to.https://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html