Explanation:
To allow Amazon QuickSight to access an Amazon S3 bucket encrypted with AWS KMS, the QuickSight service role must be granted permissions to the S3 bucket and the KMS key. Since the S3 bucket policy is already updated, the missing steps are: 1) adding an IAM policy to the QuickSight service role to allow access to the KMS key (Option D), and 2) adding the KMS key as a resource that the QuickSight service role can access or modifying the KMS key policy to permit the QuickSight role (Option E).
Ultimate access to all questions.
Question 56
A company uses Amazon S3 to store data and Amazon QuickSight to create visualizations. The company has an S3 bucket in an AWS account named HubAccount. The S3 bucket is encrypted by an AWS Key Management Service (AWS KMS) key. The company's QuickSight instance is in a separate account named BI-Account. The company updates the S3 bucket policy to grant access to the QuickSight service role. The company wants to enable cross-account access to allow QuickSight to interact with the S3 bucket. Which combination of steps will meet this requirement? (Choose two.)
A
Use the existing AWS KMS key to encrypt connections from QuickSight to the S3 bucket.
B
Add the S3 bucket as a resource that the QuickSight service role can access.
C
Use AWS Resource Access Manager (AWS RAM) to share the S3 bucket with the BI-Account account.
D
Add an IAM policy to the QuickSight service role to give QuickSight access to the KMS key that encrypts the S3 bucket.
E
Add the KMS key as a resource that the QuickSight service role can access.
No comments yet.