AWS Certified Developer Associate DVA-C02 Practice Question
A development team needs to allow an external consultant's account to access a specific Amazon S3 bucket to store and retrieve files essential for a joint project. The external consultant should not be given user credentials within the team's AWS account. What type of policy should the development team attach to the S3 bucket to allow access directly to the bucket itself?
A resource-based policy, specifically an S3 bucket policy, is the correct method to directly grant permissions on the S3 bucket to entities in another AWS account without sharing any user credentials. This policy allows the external account to assume the necessary permissions. While a service control policy (SCP) applies to all IAM entities in an AWS Organizations account and does not grant permissions to outside accounts, and IAM user policies are attached directly to users within your account, not to resources.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a resource-based policy in AWS?
Open an interactive chat with Bash
How does an S3 bucket policy work?
Open an interactive chat with Bash
What are the key differences between resource-based policies and identity-based policies in AWS?
Open an interactive chat with Bash
AWS Certified Developer Associate DVA-C02
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access