Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 6 discussion

Answer: C & D Source: https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/ https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-walkthroughs-managing-access-example4.html

C & D To allow User_DataProcessor to access the S3 bucket from Account B, the following steps need to be taken: In Account A, set the S3 bucket policy to allow access to the bucket from the IAM user in Account B. This is done by adding a statement to the bucket policy that allows the IAM user in Account B to perform the necessary actions (GetObject and ListBucket) on the bucket and its contents. In Account B, create an IAM policy that allows the IAM user (User_DataProcessor) to perform the necessary actions (GetObject and ListBucket) on the S3 bucket and its contents. The policy should reference the ARN of the S3 bucket and the actions that the user is allowed to perform. Note: turning on the cross-origin resource sharing (CORS) feature for the S3 bucket in Account A is not necessary for this scenario as it is typically used for allowing web browsers to access resources from different domains.

The correct answer is....

C. In Account A, set the S3 bucket policy to the following: D. In Account B, set the permissions of User_DataProcessor to the following:

The question says Choose two. The answer is C & D.

Ans C and D 2 Options have to be selected

Ans - C and D 2 Options have to be selected

Cross-Origin Resource Sharing (CORS) is a security feature in Amazon S3 that allows you to control access to your S3 resources from a different domain (origin) than the one serving the resources. CORS defines a way for client web applications running in one origin to interact with resources in a different origin, which is otherwise restricted by the same-origin policy enforced by web browsers.

C and D.

The answer is C and D. You need to give the IAM User in Account B an IAM Policy and you need to give a Bucket Policy in Account A. Who is maintaining this database of questions? Someone needs to seriously set the correct answers before making a lot of people confused and potentially screw up their exam.

Correct answer: C and D Adding my vote for D to balance the result Moderator, please fix the vote in this ticket.

why we need two steps? I think that we get only one from resource-based policy or identity-based policy.

Answer C & D

Option A - CORS does not address cross-account access to S3 buckets Option B - This option would not work because the bucket policy is missing the Principal Option C - This option provides a valid S3 bucket policy that grants access to User_DataProcessor Option D - These permissions allow User_DataProcessor to get objects out of the bucket Option E - This option would not work because it is not a valid IAM policy

Answer - C & D

C, D. D and not E, because it is an identity-based inline policy already attached to the specific principal.

A,C Access setting need to be done only on Account A as it's an owner. So Enabling Cross origin access and access to the bucket for account B IAM user.