AWS Certified Developer Associate (#157)

An application is being developed to audit several AWS accounts. The application will run in Account A and must access AWS services in Accounts B and C. What is the MOST secure way to allow the application to call AWS services in each audited account?

Configure cross-account roles in each audited account. Write code in Account A that assumes those roles
Use S3 cross-region replication to communicate among accounts, with Amazon S3 event notifications to trigger Lambda functions
Deploy an application in each audited account with its own role. Have Account A authenticate with the application
Create an IAM user with an access key in each audited account. Write code in Account A that uses those access keys