A company is running a web application on Amazon EC2 instances in a production AWS account. The company requires all logs generated from the web application to be copied to a central AWS account for analysis and archiving. The company’s AWS accounts are currently managed independently. Logging agents are configured on the EC2 instances to upload the log files to an Amazon S3 bucket in the central AWS account. A solutions architect needs to provide access for a solution that will allow the production account to store log files in the central account. The central account also needs to have read access to the log files. What should the solutions architect do to meet these requirements?

Topic #: - All AWS Certified Solutions Architect - Professional Questions

A. Create a cross-account role in the central account. Assume the role from the production account when the logs are being copied.
B. Create a policy on the S3 bucket with the production account ID as the principal. Allow S3 access from a delegated user.
C. Create a policy on the S3 bucket with access from only the CIDR range of the EC2 instances in the production account. Use the production account ID as the principal.
D. Create a cross-account role in the production account. Assume the role from the production account when the logs are being copied.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion