Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 765 discussion

The correct option to provide access to the SQS queue without giving up the other company's account permissions is: C. Create an SQS access policy that provides the other company access to the SQS queue. By creating an SQS access policy, you can define specific permissions for the other company to access the SQS queue without requiring them to modify their own account permissions. This allows for fine-grained control over access to the queue while maintaining security and isolation between accounts. Options A, B, and D are not appropriate for granting access to the SQS queue in this scenario.

AnswerC Creating Access policy in SQS which will allow other company to acess SQS queue seems to be the only solution which is RIGHT here

Amazon SQS policy system lets you grant permission to other Amazon Accounts. https://docs.amazonaws.cn/en_us/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-using-identity-based-policies.html

SQS Access Policy for secure, fine-grained Cross-account access

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-overview-of-managing-access.html

option A: Instance profiles are used to grant permissions to EC2 instances, not for granting access to other AWS services like SQS queues. Option B.:AM policies are applied to IAM users, groups, or roles within the same AWS account. They are not directly applicable to granting access to resources in other AWS accounts. option C:SQS access policies allow you to grant cross-account access to SQS resources. You can specify the necessary permissions in the policy and attach it directly to the SQS queue. This way, you can give the other company's AWS account the necessary permissions to poll the queue without compromising their account permissions. option D. Amazon SNS access policies are used to manage access to SNS topics, not SQS queues

Option C

Option B