
Explanation:
In cross-account S3 replication, by default, the objects in the destination bucket are still owned by the source AWS account. This means the destination account (the nonproduction account) may not have permissions to access the objects despite them being in its bucket. To resolve this, you must modify the replication configuration to include the AccessControlTranslation parameter (often referred to as 'Change Object Ownership' in the console), which transfers ownership of the replicas to the destination account owner.
Question #21
A CloudOps engineer is responsible for a company's disaster recovery procedures. The company has a source Amazon S3 bucket in a production account, and it wants to replicate objects from the source to a destination S3 bucket in a nonproduction account. The CloudOps engineer configures S3 cross-Region, cross-account replication to copy the source S3 bucket to the destination S3 bucket. When the CloudOps engineer attempts to access objects in the destination S3 bucket, they receive an Access Denied error. Which solution will resolve this problem?
A
Modify the replication configuration to change object ownership to the destination S3 bucket owner.
B
Ensure that the replication rule applies to all objects in the source S3 bucket and is not scoped to a single prefix.
C
Retry the request when the S3 Replication Time Control (S3 RTC) has elapsed.
D
Verify that the storage class for the replicated objects did not change between the source S3 bucket and the destination S3 bucket.