Exam AWS Certified Solutions Architect - Professional topic 1 question 931 discussion

A developer reports receiving an Error 403: Access Denied message when they try to download an object from an Amazon S3 bucket. The S3 bucket is accessed using an S3 endpoint inside a VPC, and is encrypted with an AWS KMS key. A solutions architect has verified that the developer is assuming the correct IAM role in the account that allows the object to be downloaded. The S3 bucket policy and the NACL are also valid.
Which additional step should the solutions architect take to troubleshoot this issue?

  • A. Ensure that blocking all public access has not been enabled in the S3 bucket.
  • B. Verify that the IAM role has permission to decrypt the referenced KMS key.
  • C. Verify that the IAM role has the correct trust relationship configured.
  • D. Check that local firewall rules are not preventing access to the S3 endpoint.
Suggested Answer: B

Comments

SGES
Highly Voted 2 years, 8 months ago
Answer is B. The objects in the bucket are encrypted, therefore the IAM role must have permission for decryption.
upvoted 10 times
zozza2023
Most Recent 2 years, 3 months ago
Selected Answer: B
Error 403 = meaning missing permissions to S3
upvoted 1 times
masetromain
2 years, 4 months ago
Selected Answer: B
B. Verify that the IAM role has permission to decrypt the referenced KMS key. The developer is receiving an Error 403: Access Denied message when trying to download an object from the S3 bucket; this means that the developer has the necessary permissions to access the S3 bucket but something else is preventing the access. Since the bucket is encrypted with an AWS KMS key and the developer is assuming the correct IAM role, it is likely that the issue is related to the KMS key. The solutions architect should verify that the IAM role has the correct permissions to decrypt the referenced KMS key. Without the correct permissions to decrypt the key, the developer will not be able to access the object even though they have the necessary permissions to access the S3 bucket.
upvoted 1 times
masetromain
2 years, 4 months ago
Option A: Ensure that blocking all public access has not been enabled in the S3 bucket. While this is important, this is not the cause of the issue since the developer is using an S3 endpoint inside a VPC, not public access.
Option C: Verify that the IAM role has the correct trust relationship configured. While this is important, this is not the cause of the issue since the developer is able to assume the correct IAM role.
Option D: Check that local firewall rules are not preventing access to the S3 endpoint. While this is important, this is not the cause of the issue since the developer is able to assume the correct IAM role, and the S3 bucket policy and the NACL are also valid.
upvoted 1 times
Ni_yot
2 years, 6 months ago
Selected Answer: B
B it is
upvoted 1 times
AwsBRFan
2 years, 8 months ago
Selected Answer: B
B also here
upvoted 3 times
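
Added example (not part of the original discussion): a simplified, offline check of a role's identity policy for the two permissions a download of an SSE-KMS encrypted object needs, `s3:GetObject` on the object and `kms:Decrypt` on the key. The policies, ARNs and function names are constructed for illustration; conditions, `NotAction`/`NotResource` and the KMS key policy are not modelled.

```python
import fnmatch

# Constructed sample values; the bucket name, account ID and key ID are placeholders.
OBJECT_ARN = "arn:aws:s3:::example-bucket/report.csv"
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

ROLE_BEFORE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}
ROLE_AFTER = {"Version": "2012-10-17", "Statement": ROLE_BEFORE["Statement"] + [
    {"Effect": "Allow", "Action": ["kms:Decrypt"], "Resource": KEY_ARN},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value, fold_case=False):
    # IAM action names are case-insensitive; resource ARNs are compared as written.
    if fold_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        pattern = pattern.lower() if fold_case else pattern
        if fnmatch.fnmatchcase(value, pattern):
            return True
    return False

def decision(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one identity policy."""
    result = "ImplicitDeny"
    for stmt in _as_list(policy["Statement"]):
        if {"Condition", "NotAction", "NotResource"} & stmt.keys():
            raise ValueError("statement element not modelled in this sketch")
        if _match(stmt["Action"], action, True) and _match(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny overrides any allow
            result = "Allow"
    return result

def missing_for_download(policy, object_arn=OBJECT_ARN, key_arn=KEY_ARN):
    """Actions needed to read an SSE-KMS object that the policy does not allow."""
    needed = {"s3:GetObject": object_arn, "kms:Decrypt": key_arn}
    return [a for a, r in needed.items() if decision(policy, a, r) != "Allow"]

if __name__ == "__main__":
    print("before:", missing_for_download(ROLE_BEFORE))
    print("after: ", missing_for_download(ROLE_AFTER))
```
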