A root account owner has created an S3 bucket testmycloud. The account owner wants to allow everyone to
upload the objects as well as enforce that the person who uploaded the object should manage the permission
of those objects. Which is the easiest way to achieve this?
A.
The root account owner should create a bucket policy which allows the IAM users to upload the
object
B.
The root account owner should create the bucket policy which allows the other account owners to set
the object policy of that bucket
C.
The root account should use ACL with the bucket to allow everyone to upload the object
D.
The root account should create the IAM users and provide them the permission to upload content to
the bucket
Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An ACL is a list of grants
identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write
permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant
permissions to other users in his account. ACLs are suitable for specific scenarios. For example, if a bucket
owner allows other AWS accounts to upload objects, permissions to these objects can only be managed using
the object ACL by the AWS account that owns the object.
B.
The root account owner should create the bucket policy which allows the other account owners to set
the object policy of that bucket.
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html
0
0
B is correct
0
0
I like C because there is no object policy in AWS S3
0
0
B – There is no object policy. so it need to be ignored
D – we can create as policy for providing permission. So it need to be ignored
A and C are applicable
C – it can be applied directly by selecting option everyone
A – New policy need to be created manually
So I will prefer to go with C
Refer below links to get clarity
http://cloudacademy.com/blog/amazon-s3-security-master-bucket-polices-acls/
http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example1.html
0
0
C is the easiest way to accomplish this
0
0
C.
Each AWS S3 bucket and object has an ACL (Access Control List. associated with it. An
ACL is a list of grants identifying the grantee and the permission granted. The user can use
ACLs to grant basic read/write permissions to other AWS accounts. ACLs use an Amazon
S3–specific XML schema. The user cannot grant permissions to other users in his account.
ACLs are suitable for specific scenarios. For example, if a bucket owner allows other AWS
accounts to upload objects, permissions to these objects can only be managed using the
object ACL by the AWS account that owns the object.
0
0
c
0
0
C:- key word is should manage the permission of those object. From ACL only u can manage object level permission.
0
0
c
0
0
C
0
0