Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Professional All Questions

View all questions & answers for the AWS Certified Solutions Architect - Professional exam
Go to Exam

Exam AWS Certified Solutions Architect - Professional topic 1 question 723 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Professional
Question #: 723
Topic #: 1
[All AWS Certified Solutions Architect - Professional Questions]

A company manages hundreds of AWS accounts centrally in an organization in AWS Organizations. The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs, not on the Internet.
What is the MOST operationally efficient way to enforce this requirement?

  • A. Set the S3 access point resource policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • B. Create an SCP at the root level in the organization to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • C. Use AWS CloudFormation StackSets to create a new IAM policy in each AWS account that allows the s3:CreateAccessPoint action only if the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
  • D. Set the S3 bucket policy to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Jaypdv at April 30, 2021, 12:01 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
oxfordsolutions
Highly Voted 3 years ago
correct answer: B
upvoted 18 times
...
AzureDP900
Highly Voted 2 years, 10 months ago
B is right answer https://aws.amazon.com/s3/features/access-points/
upvoted 5 times
...
dev112233xx
Most Recent 1 year, 5 months ago
Selected Answer: B
"The company recently started to allow product teams to create and manage their own S3 access points in their accounts. The S3 access points can be accessed only within VPCs" It's not clear from the question if the company want to apply this restriction to only the "product team" or to all members of the organization! But i will select B because it's the easiest approach
upvoted 1 times
...
ccort
1 year, 9 months ago
Selected Answer: B
B for me, this screams for an SCP
upvoted 1 times
...
[Removed]
1 year, 12 months ago
Selected Answer: B
https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/
upvoted 1 times
...
psou7
1 year, 12 months ago
B. "You can control access point usage using AWS Organizations support for AWS SCPs." https://aws.amazon.com/s3/features/access-points/
upvoted 1 times
...
gnic
2 years, 1 month ago
Selected Answer: B
It's B. SCP to restrict permission
upvoted 1 times
...
kadev
2 years, 1 month ago
B. Example Service control policy: { "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Principal": "*", "Action": "s3:CreateAccessPoint", "Resource": "*", "Condition": { "StringNotEquals": { "s3:AccessPointNetworkOrigin": "VPC" } } }] }
upvoted 2 times
...
jyrajan69
2 years, 6 months ago
The question states clearly '. Recently, the firm began allowing product teams to build and administer their own S3 access points under their own accounts' so setting SCP at root level would not allow this, therefore only possible solution is A.
upvoted 3 times
...
cldy
2 years, 10 months ago
B. Create an SCP at the root level in the organization to deny the s3:CreateAccessPoint action unless the s3:AccessPointNetworkOrigin condition key evaluates to VPC.
upvoted 2 times
...
andylogan
2 years, 11 months ago
It's B
upvoted 2 times
...
Kopa
2 years, 11 months ago
good point to use Acess Point with SCP. Im for B
upvoted 2 times
...
tgv
2 years, 11 months ago
BBB ---
upvoted 2 times
...
blackgamer
2 years, 11 months ago
Answer is B
upvoted 2 times
...
WhyIronMan
2 years, 11 months ago
I'll go with B
upvoted 2 times
...
student2020
2 years, 11 months ago
B https://aws.amazon.com/blogs/storage/managing-amazon-s3-access-with-vpc-endpoints-and-s3-access-points/
upvoted 3 times
...
vimgoru24
2 years, 11 months ago
AWS Org hints it should be B
upvoted 1 times
...
Load full discussion...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel