A company has external vendors that must deliver files to the company. These vendors have cross-account that gives them permission to upload objects to one of the company’s S3 buckets.
What combination of steps must the vendor follow to successfully deliver a file to the company? Select 2 answers from the options given below
A . Attach an IAM role to the bucket that grants the bucket owner full permissions to the object
B . Add a grant to the objects ACL giving full permissions to bucket owner.
C . Encrypt the object with a KMS key controlled by the company.
D . Add a bucket policy to the bucket that grants the bucket owner full permissions to the object
E . Upload the file to the company’s S3 bucket
Answer: B,E
Explanation:
This scenario is given in the AWS Documentation
A bucket owner can enable other AWS accounts to upload objects. These objects are owned by the accounts that created them. The bucket owner does not own objects that were not created by the bucket owner. Therefore, for the bucket owner to grant access to these objects, the object owner must first grant permission to the bucket owner using an object ACL. The bucket owner can then delegate those permissions via a bucket policy. In this example, the bucket owner delegates permission to users in its own account.
Option A and D are invalid because bucket ACL’s are used to give grants to bucket Option
C is not required since encryption is not part of the requirement For more information on
this scenario please see the below Link:
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroushs-manaeing-
access-example3.htmll
The correct answers are: Add a grant to the objects ACL giving full permissions to bucket owner., Upload the file to the company’s S3 bucket Submit your Feedback/Queries to our Experts
Leave a Reply