A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their
backup and archive infrastructure. The customer plans to use third-party software to support this integration.
Which approach will limit the access of the third party software to only the Amazon S3 bucket named
“company-backup”?
A.
A custom bucket policy limited to the Amazon S3 API in thee Amazon Glacier archive “company-backup”
B.
A custom bucket policy limited to the Amazon S3 API in “company-backup”
C.
A custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive “company-backup”.
D.
A custom IAM user policy limited to the Amazon S3 API in “company-backup”.
Explanation:
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
D
http://www.aiotestking.com/amazon/which-approach-will-limit-the-access-of-the-third-party-software-to-only-the-amazon-s3-bucket-named-ampquotcompanybackupampquot/
0
0
Correct answer is D as the IAM policy can be granted to S3 and proper lifecycle rules configured to archive the data to Glacier
1
0
Does anyone know when to use bucket policy and when to use user policy ?
0
0
If you’re more interested in “What can this user do in AWS?” then IAM policies are probably the way to go. You can easily answer this by looking up an IAM user and then examining their IAM policies to see what rights they have.
If you’re more interested in “Who can access this S3 bucket?” then S3 bucket policies will likely suit you better. You can easily answer this by looking up a bucket and examining the bucket policy.
4
0