Exam AWS DevOps Engineer Professional topic 1 question 12 discussion

ADE - The replication rule is created in the source bucket

ADE is correct

ACE. The alternative D - "Add statements to the target bucket policy allowing the replication IAM role to replicate objects" might be chosen frequently due to a common misconception. When setting up cross-region replication in AWS S3, some people might assume that the target bucket (where the objects are being replicated to) also needs to explicitly grant permissions to the replication IAM ___role___. However, this is not the case in AWS S3 cross-region replication setup.

S3 cross-Region replication (CRR) automatically replicates data between buckets across different AWS Regions. To enable CRR, you need to add a replication configuration to your source bucket that specifies the destination bucket, the IAM role, and the encryption type (optional). You also need to grant permissions to the IAM role to perform replication actions on both the source and destination buckets. Additionally, you can choose the destination storage class and enable additional replication options such as S3 Replication Time Control (S3 RTC) or S3 Batch Replication. https://medium.com/cloud-techies/s3-same-region-replication-srr-and-cross-region-replication-crr-34d446806bab https://aws.amazon.com/getting-started/hands-on/replicate-data-using-amazon-s3-replication/ https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication.html

ACE Create and attach the S3 bucket policy in the source account https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/copy-data-from-an-s3-bucket-to-another-account-and-region-by-using-the-aws-cli.html

ADE seems to be correct answer

D, B, E: Refference: https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/copy-data-from-an-s3-bucket-to-another-account-and-region-by-using-the-aws-cli.html

ABCE are correct asnwers

ADE - Correct Answer , Tested and working

ADE - The replication rule is created in the source bucket

The answer is ADE

1. B from (A, B) : the new IAM role should belong to the target account 2. C from (C, D): the policy is used to allow the role to do something to the object what the policy is attached to. 3. E from (E, F): the rule should be created to the bucket whose objects will be replicated

ADE is the correct answer. To enable cross account replication we need to 1. create a replication rule in the source bucket 2. Create an IAM role in the source account to perform replication 3. Create a resource policy on the destination bucket that grant permission to the IAM role in the source account to replicate objects into the destination bucket.

ADE - https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-2.html

BDE - B becos the source acct should assume the target acct's IAM role to copy things into it.

ADE https://docs.aws.amazon.com/AmazonS3/latest/userguide/replication-walkthrough-2.html

ADE should be the answer. F is incorrect.