AWS DevOps Engineer Professional Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the AWS DevOps Engineer Professional Test. Enhance your skills with flashcards and multiple-choice questions, each offering hints and explanations. Become exam-ready!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What is required to allow IAM users in another AWS account to access your S3 bucket?

  1. Create a cross-account IAM Role with permissions

  2. Generate an access key for the external account

  3. Grant public access to the S3 bucket

  4. Enable S3 bucket versioning

The correct answer is: Create a cross-account IAM Role with permissions

To allow IAM users in another AWS account to access your S3 bucket, creating a cross-account IAM Role with the necessary permissions is essential. A cross-account IAM Role allows users from one AWS account to assume the role and gain access to resources in another AWS account. By defining specific permissions in the role, you can control what actions the users can perform on the S3 bucket, such as reading, writing, or listing objects. Using this approach is also more secure than alternatives that may compromise data privacy. For instance, generating an access key for the external account could lead to security vulnerabilities, as it would expose sensitive access credentials that could be used elsewhere. Granting public access to your S3 bucket could expose content to anyone on the internet, which is generally not advisable for protecting sensitive data. Enabling versioning for S3 is unrelated to access permissions; it solely helps in managing object versions within the bucket. Thus, creating a cross-account IAM Role is the best practice, providing a secure and flexible way to manage access to your S3 resources across different AWS accounts.

More Questions Like This