PrepAway - Latest Free Exam Questions & Answers

Which approach will limit the access of the third party software to only the Amazon S3 bucket named "comp

A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup
and archive infrastructure. The customer plans to use third-party software to support this integration. Which
approach will limit the access of the third party software to only the Amazon S3 bucket named “companybackup”?


A. A custom bucket policy limited to the Amazon S3 API in the Amazon Glacier archive “company-backup”

B. A custom bucket policy limited to the Amazon S3 API in “company-backup”

C. A custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive “company-backup”.

D. A custom IAM user policy limited to the Amazon S3 API in “company-backup”.
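
What an IAM user policy scoped as in option D can look like, as an added example that is not part of the original page: the Allow statements cover only S3 actions on the bucket `companybackup`, and a small check flags any statement that reaches beyond it. The policy contents, the broad counter-example and the helper names (`scope_violations`, `_in_bucket`, `_as_list`) are constructed for illustration and assume the standard `aws` partition.

```python
BUCKET = "companybackup"  # bucket name taken from the question
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"  # assumes the standard "aws" partition

# Constructed sample: IAM user policy limited to S3 actions on one bucket.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",  # bucket-level actions need the bucket ARN
         "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
         "Resource": BUCKET_ARN},
        {"Effect": "Allow",  # object-level actions need the /* object ARN
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"{BUCKET_ARN}/*"},
    ],
}

# Constructed sample: over-broad policy that reaches every bucket.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"}],
}

def _as_list(value):
    """IAM allows a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def _in_bucket(resource):
    # Exact bucket ARN, or an object ARN under it. A wildcard in the bucket
    # part (e.g. "companybackup*") would also match other buckets, so reject.
    return resource == BUCKET_ARN or resource.startswith(BUCKET_ARN + "/")

def scope_violations(policy):
    """List the ways an identity policy grants more than S3 on BUCKET."""
    problems = []
    for i, stmt in enumerate(_as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen access
        if "NotAction" in stmt or "NotResource" in stmt:
            problems.append(f"statement {i}: Allow with NotAction/NotResource")
            continue
        for action in _as_list(stmt.get("Action", [])):
            if not action.lower().startswith("s3:"):
                problems.append(f"statement {i}: non-S3 action {action}")
        for resource in _as_list(stmt.get("Resource", [])):
            if not _in_bucket(resource):
                problems.append(f"statement {i}: resource {resource}")
    return problems
```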

17 Comments on “Which approach will limit the access of the third party software to only the Amazon S3 bucket named "comp

    1. mutiger91 says:

      The question is a bit vague about the design of the solution. Does it make more sense if you assume that the 3rd party software is running on your EC2 server and accesses the API through permissions from an IAM role assigned to your EC2 instance?




  1. Kranthi Kumar Katepalli says:

    Answer is D, as the question specifies “will limit the access of the third party software to “only” the Amazon S3 bucket named “companybackup””. As it's third party software, we need an access role to be assigned in order to access AWS.




  2. Bob says:

    B or D….

    A and C are wrong because they limit access to Glacier.

    B and D can both limit access at the bucket level.
    A bucket policy needs an (existing) principal; a user policy needs an (existing) user/group/role.

    https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

    Strictly answering the question, seems to me both can do the job (both assuming either principal or user/group/role exists).

    But when taking into account that Glacier access will be part of the solution at some time, it seems logical to manage access in one location where both can be managed: IAM.

    Therefore would choose D




