A large industrial company has two AWS accounts. One account is for production, and one account is for development. The company manages the production account under its corporate organization in AWS Organizations. The development account is an isolated environment that developers use for testing. The company stores all the application configuration information in an Amazon S3 bucket in the production account. All developers in the development account are members of a single IAM group. A solutions architect must ensure that the developers can update the application configuration information in real time. What is the MOST operationally efficient solution that meets these requirements?

Topic #: - All AWS Certified Solutions Architect - Professional Questions

A. In the production account, modify the S3 bucket policy by adding the development account ID in the condition field. Add a permissions policy to the developers’ IAM group to allow users to put objects in the production S3 bucket.
B. In the production account, create a two-staged pipeline that uses AWS CodeDeploy and an S3 bucket that has versioning enabled. Create an IAM role in the production account that has the permission to put objects in the S3 bucket. Associate the role with the pipeline. Allow developers to push a new version in the S3 bucket.
C. Create an IAM role in the production account. Establish a trust relationship between the production account and the development account. Specify a permissions policy in the role to allow trusted users to put objects in the S3 bucket. Grant sts:AssumeRole permissions to the developers’ IAM group for the role.
D. Create an S3 bucket in the development account. Enable S3 bucket replication between the development S3 bucket and the production S3 bucket.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion