In a multi-account AWS environment, the sales team stores large amounts of data in an encrypted Amazon S3 bucket, while the marketing team utilizes Amazon QuickSight for data visualization. The marketing team requires access to the sales team's S3 data, which is encrypted with an AWS KMS key. The marketing team has already established an IAM service role for QuickSight in their account. What is the most efficient and secure method to grant the marketing team access to the sales team's S3 data without excessive operational overhead?

Exam-Like

Establish a new S3 bucket in the marketing account and set up an S3 replication rule in the sales account to transfer objects to the new bucket. Modify QuickSight permissions in the marketing account to allow access to the new S3 bucket.

0.0%

Implement an SCP to permit access to the S3 bucket for the marketing account. Utilize AWS RAM to share the KMS key from the sales account with the marketing account. Adjust QuickSight permissions in the marketing account to enable access to the S3 bucket.

0.0%

Amend the S3 bucket policy in the marketing account to authorize the QuickSight role. Create a KMS grant for the encryption key used in the S3 bucket, granting decrypt permissions to the QuickSight role. Update QuickSight permissions in the marketing account to allow access to the S3 bucket.

50.0%

Develop an IAM role in the sales account with access to the S3 bucket. Enable the marketing account to assume this IAM role to access the S3 bucket. Establish a trust relationship between the new IAM role in the sales account and the QuickSight role in the marketing account.

50.0%

AWS Certified Solutions Architect - Professional

Comments

Get started today