A company is using AWS Organizations to manage multiple AWS accounts. The company has an application that allows users to assume the AppUser IAM role to download files from an Amazon S3 bucket that is encrypted with an AWS KMS CMK. However, when users try to access the files in the S3 bucket, they get an access denied error. What should a security engineer do to troubleshoot this error? (Choose three.)
A) Ensure the KMS policy allows the AppUser role to have permission to decrypt for the CMK.
B) Ensure the S3 bucket policy allows the AppUser role to have permission to get objects for the S3 bucket.
C) Ensure the CMK was created before the S3 bucket.
D) Ensure the S3 block public access feature is enabled for the S3 bucket.
E) Ensure that automatic key rotation is disabled for the CMK.
F) Ensure the SCPs within Organizations allow access to the S3 bucket.
Correct Answer:
Verified
Q283: A company has a serverless application for
Q284: A company's on-premises networks are connected to
Q285: A company stores images for a website
Q286: A development team is using an AWS
Q287: A company deployed an Amazon EC2 instance
Q289: Example.com is hosted on Amazon EC2 instance
Q290: Unapproved changes were previously made to a
Q291: A company has implemented AWS WAF and
Q292: Amazon GuardDuty has detected communications to a
Q293: A company uses Amazon RDS for MySQL
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents