A company manages three separate AWS accounts for its production, development, and test environments. Each Developer is assigned a unique IAM user under the development account. A new application hosted on an Amazon EC2 instance in the development account requires read access to the archived documents stored in an Amazon S3 bucket in the production account. How should access be granted?
A) Create an IAM role in the production account and allow the EC2 instance in the development account to assume that role using the trust policy. Provide read access for the required S3 bucket to this role.
B) Use a custom identity broker to allow Developer IAM users to temporarily access the S3 bucket.
C) Create a temporary IAM user for the application to use in the production account.
D) Create a temporary IAM user in the production account and provide read access to Amazon S3. Generate the temporary IAM user's access key and secret key and store these keys on the EC2 instance used by the application in the development account.
Correct Answer:
Verified