ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS-SysOps All Questions

View all questions & answers for the AWS-SysOps exam
Go to Exam

Exam AWS-SysOps topic 1 question 676 discussion

Exam question from Amazon's AWS-SysOps
Question #: 676
Topic #: 1
[All AWS-SysOps Questions]

A company has two AWS accounts: development and production. All applications send logs to a specific Amazon S3 bucket for each account, and the Developers are requesting access to the production account S3 buckets to view the logs.
Which is the MOST efficient way to provide the Developers with access?

  • A. Create an AWS Lambda function with an IAM role attached to it that has access to both accounts' S3 buckets. Pull the logs from the production S3 bucket to the development S3 bucket.
  • B. Create IAM users for each Developer on the production account, and add the Developers to an IAM group that provides read-only access to the S3 log bucket.
  • C. Create an Amazon EC2 bastion host with an IAM role attached to it that has access to the production S3 log bucket, and then provision access for the Developers on the host.
  • D. Create a resource-based policy for the S3 bucket on the production account that grants access to the development account, and then delegate access in the development account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by coolboylqy at Sept. 21, 2019, 7:39 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
coolboylqy
Highly Voted 2 years, 7 months ago
D https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html
upvoted 12 times
...
saumenP
Highly Voted 2 years, 7 months ago
D is correct
upvoted 5 times
...
albert_kuo
Most Recent 9 months, 3 weeks ago
Selected Answer: D
By creating a resource-based policy on the S3 bucket in the production account, you can define access permissions for the development account directly on the bucket. This eliminates the need for individual IAM users or roles in the production account.
upvoted 1 times
...
gulu73
1 year, 3 months ago
Selected Answer: D
D is the answer
upvoted 1 times
...
ahaffar
2 years, 6 months ago
D https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_compare-resource-policies.html
upvoted 1 times
...
RicardoD
2 years, 6 months ago
D is the answer Create policy based on a resource which will allow cross account access
upvoted 1 times
...
abhishek_m_86
2 years, 6 months ago
D. Create a resource-based policy for the S3 bucket on the production account that grants access to the development account, and then delegate access in the development account. Seem correct
upvoted 2 times
...
Chirantan
2 years, 6 months ago
i would go with D
upvoted 1 times
...
jackdryan
2 years, 6 months ago
I'll go with D
upvoted 2 times
...
apwangzh
2 years, 6 months ago
This tutorial explained in detail about D. https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
upvoted 1 times
...
waterzhong
2 years, 6 months ago
D should be correct. To much overhead to create IAM users for each developer and this question is asking for MOST efficient way.
upvoted 2 times
...
Pirulou
2 years, 6 months ago
MOST efficient way --> D
upvoted 1 times
...
KhatriRocks
2 years, 7 months ago
Just a note, D does not state read only access here. We are talking cross account access fr S3 bucket now. With option B, one can do a switch account and access the S3 bucket.
upvoted 1 times
shammous
2 years, 7 months ago
It's not efficient to create multiple IAM users and switch from an account to another my friend. Have a look at the link shared by coolboylqy: https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html D states that the admin of the account B can delegate access (read only or whatever), so your argument is not convincing ...
upvoted 1 times
...
...
Pejvak
2 years, 7 months ago
The MOST efficient and secure way is C.
upvoted 3 times
AWS_Noob
2 years, 7 months ago
That's not what they asking. They asked for the most Efficient way. So D would be the best
upvoted 2 times
...
...
mvsnogueira
2 years, 7 months ago
Serious ? Why did they select letter B ? Imagine if you have 1000 developers ? Am I going to create 1000 users ??? Letter D is the correct option
upvoted 3 times
...
Jimmy5
2 years, 7 months ago
D should be correct. To much overhead to create IAM users for each developer and this question is asking for MOST efficient way.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago