
AWS Certified Developer - Associate
A telecom service provider relies on Amazon Simple Storage Service (Amazon S3) for storing its essential customer information securely. Considering the need for stringent access controls to protect this sensitive data, which of the following options can be implemented to manage and restrict access to Amazon S3 data? (Select two)
Explanation:
Bucket policies, Identity and Access Management (IAM) policies
Query String Authentication, Access Control Lists (ACLs)
Customers may use four mechanisms for controlling access to Amazon S3 resources: Identity and Access Management (IAM) policies, bucket policies, Access Control Lists (ACLs), and Query String Authentication.
IAM enables organizations with multiple employees to create and manage multiple users under a single AWS account. With IAM policies, customers can grant IAM users fine-grained control to their Amazon S3 bucket or objects while also retaining full control over everything the users do.
With bucket policies, customers can define rules which apply broadly across all requests to their Amazon S3 resources, such as granting write privileges to a subset of Amazon S3 resources. Customers can also restrict access based on an aspect of the request, such as HTTP referrer and IP address.
With ACLs, customers can grant specific permissions (i.e. READ, WRITE, FULL_CONTROL) to specific users for an individual bucket or object.
With Query String Authentication, customers can create a URL to an Amazon S3 object which is only valid for a limited time. Using query parameters to authenticate requests is useful when you want to express a request entirely in a URL. This method is also referred to as presigning a URL.
Incorrect options:
Permissions boundaries, Identity and Access Management (IAM) policies
Query String Authentication, Permissions boundaries
IAM database authentication, Bucket policies
Permissions boundary - A Permissions boundary is an advanced feature for using a managed policy to set the maximum permissions that an identity-based policy can grant to an IAM entity. An entity's permissions boundary allows it to perform only the actions that are allowed by both its identity-based policies and its permissions boundaries. When you use a policy to set the permissions boundary for a user, it limits the user's permissions but does not provide permissions on its own.
IAM database authentication - IAM database authentication works with MySQL and PostgreSQL. With this authentication method, you don't need to use a password when you connect to a DB instance. Instead, you use an authentication token. It is a database authentication technique and cannot be used to authenticate for S3.
Therefore, all three options are incorrect.