InfoSec is concerned that an employee may expose sensitive data in an Amazon S3 bucket. How can this concern be addressed without putting undue restrictions on users?
A. Apply an IAM policy on all users that denies the action s3:PutBucketPolicy
B. Restrict S3 bucket access to specific IAM roles managed using federated access
C. Activate an AWS Config rule to identify public buckets and alert InfoSec using Amazon SNS
D. Email the findings of AWS Personal Health Dashboard to InfoSec daily
By restricting S3 bucket access to specific IAM roles, you can enforce fine-grained access control. This ensures that only authorized roles and users can interact with the S3 buckets. Federated access allows you to leverage external identity providers (such as Active Directory or SAML-based providers) to manage user access to AWS resources. This enables centralized access management and simplifies user onboarding and offboarding processes.
Option C (activating an AWS Config rule to identify public buckets and alert InfoSec) is a good practice to detect public buckets, but it does not prevent the exposure of sensitive data. It provides notifications to InfoSec about public buckets but does not address the underlying issue of data exposure.