Answer-first summary for fast verification
Answer: Configure the S3 bucket policy in Account A to allow access from Account B., Set the permissions for User_DataProcessor in Account B to allow access to the S3 bucket.
To enable the User_DataProcessor in Account B to access the S3 bucket in Account A, the following steps are required: 1. **Configure the S3 bucket policy in Account A to allow access from Account B (Option B/C)**: This involves setting the bucket policy in Account A to grant the necessary permissions (such as `s3:GetObject` and `s3:ListBucket`) to the IAM user in Account B. This allows the user in Account B to access the objects in the bucket. 2. **Set the permissions for User_DataProcessor in Account B to allow access to the S3 bucket (Option D)**: This involves creating an IAM policy in Account B that grants `s3:GetObject` and `s3:ListBucket` permissions to the User_DataProcessor, referencing the ARN of the S3 bucket in Account A. Cross-Origin Resource Sharing (CORS) is not required for this scenario because it is generally used for allowing web applications running in one domain to access resources in another domain.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A retail company stores data files in an Amazon S3 bucket under Account A and needs to grant access to these files to a business partner. The partner's IAM user, User_DataProcessor, is in Account B. What must be done to enable User_DataProcessor to access the S3 bucket successfully? (Select two actions.)
A
Enable the cross-origin resource sharing (CORS) feature for the S3 bucket in Account A.
B
Configure the S3 bucket policy in Account A to allow access from Account B.
C
Configure the S3 bucket policy in Account A to allow access from Account B.
D
Set the permissions for User_DataProcessor in Account B to allow access to the S3 bucket.
No comments yet.