Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 261 discussion

A company has an organization in AWS Organizations. A DevOps engineer needs to maintain multiple AWS accounts that belong to different OUs in the organization. All resources, including IAM policies and Amazon S3 policies within an account, are deployed through AWS CloudFormation. All templates and code are maintained in an AWS CodeCommit repository. Recently, some developers have not been able to access an S3 bucket from some accounts in the organization.

The following policy is attached to the S3 bucket:



What should the DevOps engineer do to resolve this access issue?

  • A. Modify the S3 bucket policy. Turn off the S3 Block Public Access setting on the S3 bucket. In the S3 policy, add the aws:SourceAccount condition. Add the AWS account IDs of all developers who are experiencing the issue.
  • B. Verify that no IAM permissions boundaries are denying developers access to the S3 bucket. Make the necessary changes to IAM permissions boundaries. Use an AWS Config recorder in the individual developer accounts that are experiencing the issue to revert any changes that are blocking access. Commit the fix back into the CodeCommit repository. Invoke deployment through CloudFormation to apply the changes.
  • C. Configure an SCP that stops anyone from modifying IAM resources in developer OUs. In the S3 policy, add the aws:SourceAccount condition. Add the AWS account IDs of all developers who are experiencing the issue. Commit the fix back into the CodeCommit repository. Invoke deployment through CloudFormation to apply the changes.
  • D. Ensure that no SCP is blocking access for developers to the S3 bucket. Ensure that no IAM policy permissions boundaries are denying access to developer IAM users. Make the necessary changes to the SCP and IAM policy permissions boundaries in the CodeCommit repository. Invoke deployment through CloudFormation to apply the changes.
Suggested Answer: D

Comments

trungtd
Highly Voted 9 months, 2 weeks ago
Selected Answer: D
Option D is the most comprehensive and aligns with the requirements:
- It ensures that both SCPs and IAM policies are correctly configured.
- It adheres to the use of CloudFormation for all changes.
- It addresses the immediate issue while providing a scalable and manageable approach.
upvoted 5 times
teo2157
Most Recent 3 months, 1 week ago
Selected Answer: B
Going with B as if there was an SCP in place, it affects all developers and not some of them. Furthermore, with the config recorded you can trace the changes done in the IAM policies for the users that are not able to access the S3 bucket and fix it.
upvoted 1 times
jamesf
9 months ago
Selected Answer: D
- Comprehensive approach: Reviews both SCPs and IAM permissions boundaries that could block access.
- Changes are committed to CodeCommit and deployed through CloudFormation, maintaining the required deployment pipeline.
- By checking both SCPs and permissions boundaries, this solution covers potential organizational and account-level restrictions that could impact access.
upvoted 4 times
tgv
9 months, 2 weeks ago
Selected Answer: D
---> D
upvoted 4 times
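
An added example, not part of the original thread: a simplified Python model of the cross-account evaluation behind option D, where the SCP, the permissions boundary (if attached), the identity policy and the bucket policy must each allow the request. The bucket name and every policy below are constructed for illustration (the policy from the question is not reproduced here); conditions, principals and session policies are ignored.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _hits(stmt, action, resource):
    """True when the statement's Action and Resource patterns cover the request."""
    return (any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])))

def _verdict(statements, action, resource):
    """One policy layer: 'deny' (explicit), 'allow', or 'none' (implicit deny)."""
    effects = {s["Effect"] for s in statements if _hits(s, action, resource)}
    return "deny" if "Deny" in effects else "allow" if "Allow" in effects else "none"

def blocking_layers(layers, action, resource):
    """Return the layers that stop a cross-account request; [] means allowed.

    A layer set to None is treated as not attached (e.g. no permissions boundary).
    """
    blocked = []
    for name, statements in layers.items():
        if statements is None:
            continue
        verdict = _verdict(statements, action, resource)
        if verdict != "allow":
            reason = "explicit deny" if verdict == "deny" else "no matching allow"
            blocked.append(f"{name}: {reason}")
    return blocked

# Constructed sample policies (hypothetical bucket name).
BUCKET = "arn:aws:s3:::example-shared-bucket"
ALLOW_ALL = [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
ALLOW_READ = [{"Effect": "Allow", "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"}]

WORKING_ACCOUNT = {"scp": ALLOW_ALL, "permissions_boundary": None,
                   "identity_policy": ALLOW_READ, "bucket_policy": ALLOW_READ}
BROKEN_ACCOUNT = {
    "scp": ALLOW_ALL + [{"Effect": "Deny", "Action": "s3:*", "Resource": "*"}],
    "permissions_boundary": [{"Effect": "Allow", "Action": "ec2:*", "Resource": "*"}],
    "identity_policy": ALLOW_READ, "bucket_policy": ALLOW_READ}

if __name__ == "__main__":
    for label, layers in (("working", WORKING_ACCOUNT), ("broken", BROKEN_ACCOUNT)):
        print(label, blocking_layers(layers, "s3:GetObject", f"{BUCKET}/report.csv"))
```

In the broken account the identity policy and bucket policy are identical to the working one, so the difference only shows up when the SCP and permissions boundary are inspected.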