A developer needs to grant an external partner AWS account access to an Amazon SNS topic in their account. <br/><br/>What is the MOST secure way to grant this access?

Answer options:

Create an IAM user for the partner and share the access keys.

Attach a resource-based policy to the SNS topic granting the partner account the sns:Publish permission.

Create an IAM role in the partner account and attach an identity-based policy.

Use AWS Resource Access Manager (RAM) to share the SNS topic.

How to approach this question

Recognize that SNS supports resource-based policies for cross-account access.

Full Answer

B.Attach a resource-based policy to the SNS topic granting the partner account the sns:Publish permission.✓ Correct

Attach a resource-based policy to the SNS topic granting the partner account the sns:Publish permission.

Amazon SNS supports resource-based policies. You can attach a policy directly to the SNS topic that specifies which AWS accounts (principals) are allowed to perform actions (like Publish or Subscribe) on that topic.

Common mistakes

Thinking AWS RAM is used for all resource sharing.

Question 18 All questions Question 20

Practice the full AWS SAA-C03 Practice Exam 4

65 questions · hints · full answers · grading

More questions from this exam

Q01A company has multiple AWS accounts in an AWS Organizations organization. The security team wants...Medium Q02An application running on Amazon EC2 instances needs to access an Amazon DynamoDB table. Both res...Easy Q03A company is designing a web application that will be hosted on AWS. The application will use an ...Medium Q04A company is building a mobile app that requires users to authenticate using their social media a...Hard Q05A solutions architect is designing a VPC for a three-tier web application. The database tier must...Medium

View all 65 questions →