AWS Certified DevOps Engineer - Professional


A company utilizes an AWS CodeBuild project to build and package their application, which is then copied to a shared Amazon S3 bucket for deployment across multiple AWS accounts. The DevOps engineer has identified that any AWS account holder can download the artifacts. What measures should the DevOps engineer implement to prevent unauthorized access to these artifacts?




Explanation:

The correct answer is D. The --acl authenticated-read option applies a canned ACL that allows any authenticated AWS user to read the S3 bucket's content, which is why anyone with an AWS account can download the artifacts. Removing --acl authenticated-read and configuring a bucket policy that allows read access only to the relevant AWS accounts restricts access so that only the specified accounts can download the artifacts.