A root account owner has created an S3 bucket testmycloud. The account owner wants to allow
everyone to upload the objects as well as enforce that the person who uploaded the object should
manage the permission of those objects. Which is the easiest way to achieve this?

A.
The root account owner should create a bucket policy which allows the IAM users to upload the
object

B.
The root account owner should create the bucket policy which allows the other account owners
to set
the object policy of that bucket

C.
The root account should use ACL with the bucket to allow everyone to upload the object

D.
The root account should create the IAM users and provide them the permission to upload
content to
the bucket

Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a
list of grants identifying the grantee and the permission granted. The user can use ACLs to grant
basic read/write permissions to other AWS accounts. ACLs use an Amazon S3–specific XML
schema. The user cannot grant permissions to other users in his account. ACLs are suitable for
specific scenarios. For example, if a bucket owner allows other AWS accounts to upload objects,
permissions to these objects can only be managed using the object ACL by the AWS account that
owns the object.