A company provides an AWS account for each of its teams. Members of each team authenticate with AWS by using user accounts in their own team’s account. The company created a project-specific AWS account for collaboration by three or more teams. The company also created a new Amazon S3 bucket inside this new account. There is no S3 bucket policy or S3 ACL. A security engineer must implement a secure solution so that all teams can read objects and write to objects that are stored in the S3 bucket. What should the security engineer do to meet these requirements?

Topic #: - All AWS Certified Security - Specialty Questions

A. In the same AWS account where the S3 bucket resides, update the bucket’s ACL to include the canonical user ID of the teams’ AWS accounts. Teams will specify the account number of the AWS account where the bucket is located when they read objects and write to objects in the bucket
B. In the same AWS account where the S3 bucket resides, create an IAM role that has appropriate permissions for the bucket. Include a trust policy that specifies the teams’ AWS accounts as the principals. Teams will assume the role when they read objects and write to objects in the bucket Most Voted
C. In the same AWS account where the S3 bucket resides, add a bucket policy to allow all the teams to read objects and write to objects in the bucket. Teams will specify the account number of the AWS account where the bucket is located when they read objects and write to objects in the bucket.
D. In the same AWS account where the S3 bucket resides, create an IAM user, an IAM group, and access keys for each team. Each team will share its access keys when the team reads objects and writes to objects in the bucket.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion