
The development team at a healthcare company has set up EC2 instances in AWS Account A. These instances are required to access patient data that includes Personally Identifiable Information (PII) stored in multiple S3 buckets located in a separate AWS Account B.
Given this scenario, what solution would you, as a Developer Associate, recommend to securely enable access to the PII data across these AWS accounts?
A
Create an IAM role with S3 access in Account B and set Account A as a trusted entity. Create another role (instance profile) in Account A and attach it to the EC2 instances in Account A and add an inline policy to this role to assume the role from Account B
B
Add a bucket policy to all the Amazon S3 buckets in Account B to allow access from EC2 instances in Account A
C
Create an IAM role (instance profile) in Account A and set Account B as a trusted entity. Attach this role to the EC2 instances in Account A and add an inline policy to this role to access S3 data from Account B
D
Copy the underlying AMI for the EC2 instances from Account A into Account B. Launch EC2 instances in Account B using this AMI and then access the PII data on Amazon S3 in Account B