Which THREE of the following are best practices for managing IAM roles in AWS Organizations? (Choose three.)
SCPs help centrally control permissions for all accounts.
Why this answer
Using IAM roles to delegate access across accounts is a best practice. Creating roles with least privilege and using service control policies (SCPs) to enforce permission boundaries are also best practices. Sharing root user credentials is never a best practice.
Using a single IAM user across accounts is not recommended.