Answer-first summary for fast verification
Answer: Modify the replication configuration to change object ownership to the destination S3 bucket owner.
When you use Amazon S3 cross-account replication, by default, the replicated objects are still owned by the source account. This causes Access Denied errors when users in the destination account try to access them. To grant full access to the destination account, you must explicitly configure the S3 Replication rule to change object ownership so that the destination bucket owner takes full control of the replicated objects.
Author: Ritesh Yadav
Ultimate access to all questions.
Question #21
A CloudOps engineer is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The CloudOps engineer configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the CloudOps engineer attempts to access objects in the destination S3 bucket, they receive an Access Denied error.
Which solution will resolve this problem?
A
Modify the replication configuration to change object ownership to the destination S3 bucket owner.
B
Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.
C
Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.
D
Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.
No comments yet.