Explanation:
To enable the User_DataProcessor in Account B to access the S3 bucket in Account A, the following steps are required:
Configure the S3 bucket policy in Account A to allow access from Account B (Option B/C): This involves setting the bucket policy in Account A to grant the necessary permissions (such as s3:GetObject and s3:ListBucket) to the IAM user in Account B. This allows the user in Account B to access the objects in the bucket.
Set the permissions for User_DataProcessor in Account B to allow access to the S3 bucket (Option D): This involves creating an IAM policy in Account B that grants s3:GetObject and s3:ListBucket permissions to the User_DataProcessor, referencing the ARN of the S3 bucket in Account A.
Cross-Origin Resource Sharing (CORS) is not required for this scenario because it is generally used for allowing web applications running in one domain to access resources in another domain.
Ultimate access to all questions.
No comments yet.
A retail company stores data files in an Amazon S3 bucket under Account A and needs to grant access to these files to a business partner. The partner's IAM user, User_DataProcessor, is in Account B. What must be done to enable User_DataProcessor to access the S3 bucket successfully? (Select two actions.)
A
Enable the cross-origin resource sharing (CORS) feature for the S3 bucket in Account A.
B
Configure the S3 bucket policy in Account A to allow access from Account B.
C
Configure the S3 bucket policy in Account A to allow access from Account B.
D
Set the permissions for User_DataProcessor in Account B to allow access to the S3 bucket.