A company has an application where reading objects from Amazon S3 is based on the type of user. The user types are registered user and guest user. The company has 25,000 users and is growing. Information is pulled from an S3 bucket depending on the user type.
Which approaches are recommended to provide access to both user types? (Choose two.)
A . Provide a different access key and secret access key in the application code for registered users and guest users to provide read access to the objects.
B . Use S3 bucket policies to restrict read access to specific IAM users.
C . Use Amazon Cognito to provide access using authenticated and unauthenticated roles.
D . Create a new IAM user for each user and grant read access.
E . Use the AWS IAM service and let the application assume the different roles using the AWS Security Token Service (AWS STS) AssumeRole action depending on the type of user and provide read access to Amazon S3 using the assumed role.
Answer: AB
Leave a Reply