Medium · 1 mark · Multiple Choice
Domain 1.1: Secure Access · IAM · Cross-Account · S3

AWS SAA-C03 · Question 02 · Domain 1.1: Secure Access

A company has two AWS accounts: Account A for development and Account B for production. Developers in Account A need to access an Amazon S3 bucket in Account B to read configuration files.

Which solution meets this requirement with the LEAST operational overhead?

Answer options:

A. Create IAM users in Account B for each developer in Account A.

B. Create an IAM role in Account B with access to the S3 bucket. Grant developers in Account A permission to assume the role.

C. Copy the S3 bucket from Account B to Account A using AWS DataSync.

D. Make the S3 bucket in Account B public.

How to approach this question

Identify the standard pattern for cross-account access in AWS.

Full Answer

B. Create an IAM role in Account B with access to the S3 bucket. Grant developers in Account A permission to assume the role. ✓ Correct
To grant cross-account access, you create an IAM role in the trusting account (Account B) and grant the trusted account (Account A) permission to assume that role.

Common mistakes

Choosing to create new IAM users in the target account.
