You need to grant a vendor access to your AWS account. They need to be able to read protected messages in a private S3 bucket at their leisure. They also use AWS. What is the best way to accomplish this?
A) Create an IAM User with API Access Keys. Grant the User permissions to access the bucket. Give the vendor the AWS Access Key ID and AWS Secret Access Key for the User.
B) Create an EC2 Instance Profile on your account. Grant the associated IAM role full access to the bucket. Start an EC2 instance with this Profile and give SSH access to the instance to the vendor.
C) Create a cross-account IAM Role with permission to access the bucket, and grant permission to use the Role to the vendor AWS account.
D) Generate a signed S3 PUT URL and a signed S3 PUT URL, both with wildcard values and 2 year durations. Pass the URLs to the vendor.
Correct Answer:
Verified
Q381: You want to build a new search
Q382: Which of these is not a Pseudo
Q383: A user has attached an EBS volume
Q384: How long are the messages kept on
Q385: When thinking of DynamoDB, what are true
Q387: You are designing a system which needs,
Q388: You are creating a new API for
Q389: A user has created a new EBS
Q390: There are a number of ways to
Q391: Your DevOps team is responsible for a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents