How can you analyze the 'Blast Radius' of a potential IAM user compromise by identifying exactly which resources that user has permission to access across your entire AWS Organization?

You need to grant developers read-only access to Amazon S3 buckets without giving them access to other services. What's the best approach using AWS IAM?

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?

You need to grant developers read-only access to Amazon S3 buckets without giving them access to other services. What's the best approach using AWS IAM?

Your organization has multiple cloud accounts. Users in Account A need temporary access to resources in Account B. What AWS IAM feature should you use?

You need to grant developers read-only access to Amazon S3 buckets without giving them access to other services. What's the best approach using AWS IAM?