You manage a web advertising platform on a single AWS account. This platform produces realtime ad-click data that you store as objects in an Amazon S3 bucket called "dick-data." Your advertising partners want to use Amazon Elastic MapReduce in their own AWS accounts to do analytics on the ad-click data. They have asked for immediate access to the ad-dick data so that they can run analytics. Which two choices are required to facilitate secure access to this data? (Choose two.)
A) Create a cross-account TAM role with a trust policy that contains partner AWS account IDs and a unique external ID.
B) Create a new IAM group for AWS Data Pipeline users with a trust policy that contains partner AWS account IDs.
C) Configure an Amazon S3 bucket policy for the "click-data" bucket that allows Read-Only access to the objects, and associate this policy with an IAM role.
D) Configure the Amazon S3 bucket access control list to allow access to the partners Amazon Elastic MapReduce cluster.
E) Configure AWS Data Pipeline in the partner AWS accounts to use the web Identity Federation API to access data in the "click-data" bucket.
F) Configure AWS Data Pipeline to transfer the data from the ''click-data" bucket to the partner's Amazon Elastic MapReduce cluster.
Correct Answer:
Verified
Q392: You have written a server-side Node.Js application
Q393: You would like to run automated, continuous
Q394: You currently run your infrastructure on Amazon
Q395: Your application Amazon Elastic Compute Cloud (EC2)
Q396: Your application has an Auto Scaling group
Q398: You are responsible for a large-scale video
Q399: You are responsible for a popular file
Q400: You have been asked to de-risk deployments
Q401: You need your API backed by DynamoDB
Q402: What does it mean if you have
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents