
Answer-first summary for fast verification
Answer: Attach a policy to the S3-access group to deny all S3 actions without MFA, request temporary credentials from AWS STS, and use these credentials in a profile referenced by Amazon S3 during user actions.
The correct answer is D. Attaching a policy to the S3-access group that denies all S3 actions unless MFA is present enforces MFA in IAM for every S3 action. Requests signed with long-term IAM access keys carry no MFA information, so the engineers request temporary credentials from AWS STS using their MFA device and use those credentials in an AWS CLI profile when performing actions in Amazon S3. The other options either do not adequately enforce MFA or do not provide the necessary secure method of authentication.
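Why the deny policy blocks option C's long-term access keys but admits option D's STS session, as an added example that is not part of the original page: a simplified Python model of how the policy's MFA condition is evaluated. The policy body, the choice of `BoolIfExists`, the constructed request contexts and all function names are assumptions made for illustration.

```python
from fnmatch import fnmatchcase

# Assumed identity policy for the S3-access group: deny every S3 action
# unless the request was signed with MFA-backed credentials.
MFA_DENY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyS3WithoutMFA",
        "Effect": "Deny",
        "Action": "s3:*",
        "Resource": "*",
        "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
    }],
}

# Constructed request contexts, one per credential type.
LONG_TERM_KEYS = {}                                    # IAM access keys: MFA key absent
STS_NO_MFA = {"aws:MultiFactorAuthPresent": "false"}   # session token issued without MFA
STS_WITH_MFA = {"aws:MultiFactorAuthPresent": "true"}  # session token issued with MFA code

def condition_matches(condition, context):
    """Simplified model of the IAM Bool and BoolIfExists operators."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            if key not in context:
                # A missing key fails Bool but satisfies BoolIfExists.
                if operator == "BoolIfExists":
                    continue
                return False
            if str(context[key]).lower() != expected:
                return False
    return True

def is_denied(policy, action, context):
    """True if a Deny statement covers the action in this request context."""
    for stmt in policy["Statement"]:
        if (stmt["Effect"] == "Deny"
                and fnmatchcase(action.lower(), stmt["Action"].lower())
                and condition_matches(stmt.get("Condition", {}), context)):
            return True
    return False

def profile_from_sts(name, creds):
    """Render a ~/.aws/credentials section from STS temporary credentials."""
    return (f"[{name}]\n"
            f"aws_access_key_id = {creds['AccessKeyId']}\n"
            f"aws_secret_access_key = {creds['SecretAccessKey']}\n"
            f"aws_session_token = {creds['SessionToken']}\n")
```

In this model, replacing `BoolIfExists` with plain `Bool` leaves requests signed with long-term keys undenied, because `aws:MultiFactorAuthPresent` is absent from their request context.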
Author: LeetQuiz Editorial Team
A solutions architect is tasked with ensuring a secure method for a team of cloud engineers to upload objects into an Amazon S3 bucket using the AWS CLI. Each engineer has an IAM user, IAM access keys, and a virtual MFA device. The IAM users are part of an S3-access group, and MFA is mandatory for any actions in Amazon S3. What solution meets these security requirements?
A. Attach a policy to the S3 bucket to prompt for an MFA code during actions by the IAM user, and use IAM access keys with the AWS CLI to interact with Amazon S3.
B. Update the S3-access group's trust policy to require MFA for assuming the group, and use IAM access keys with the AWS CLI to interact with Amazon S3.
C. Attach a policy to the S3-access group to deny all S3 actions without MFA, and use IAM access keys with the AWS CLI to interact with Amazon S3.
D. Attach a policy to the S3-access group to deny all S3 actions without MFA, request temporary credentials from AWS STS, and use these credentials in a profile referenced by Amazon S3 during user actions.