A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to
upload the objects as well as enforce that the person who uploaded the object should manage the permission
of those objects. Which is the easiest way to achieve this?

A.
The root account owner should create a bucket policy which allows the IAM users to upload the object

B.
The root account owner should create the bucket policy which allows the other account owners to set the
object policy of that bucket

C.
The root account should use ACL with the bucket to allow everyone to upload the object

D.
The root account should create the IAM users and provide them the permission to upload content to the
bucket

Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants
identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write
permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant
permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket
owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using
the object ACL by the AWS account that owns the object.