A SysOps Administrator is writing a utility that publishes resources from an AWS Lambda function in AWS account A to an Amazon S3 bucket in AWS Account B. The Lambda function is able to successfully write new objects to the S3 bucket, but IAM users in Account B are unable to delete objects written to the bucket by Account A.
Which step will fix this issue?
A. Add s3:Deleteobject permission to the IAM execution role of the AWS Lambda function in Account A.
B. Change the bucket policy of the S3 bucket in Account B to allow s3:Deleteobject permission for Account A.
C. Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
D. Call the S3:PutObjectAcl API operation from the Lambda function in Account A to specify bucket owner, full control.
Answer: A
Leave a Reply