A company is using AWS Organizations with multiple accounts. The Security team wants to centrally manage IAM roles that can be assumed by users in member accounts. Which solution should be used to enforce that only specific roles can be assumed across accounts, while ensuring that the policy updates are automatically applied to all accounts?
Select one:
The trap here is that candidates often confuse SCPs with IAM policies, thinking SCPs can grant permi...