Your company has developed a web application and is hosting it in an Amazon S3 bucket configured for static website
hosting. The application is using the AWS SDK for JavaScript in the browser to access data stored in an Amazon
DynamoDB table. How can you ensure that API keys for access to your data in DynamoDB are kept secure?
A.
Create an Amazon S3 role in IAM with access to the specific DynamoDB tables, and assign it to the bucket hosting your website.
B.
Configure S3 bucket tags with your AWS access keys for your bucket hosing your website so that the application can query them for
access.
C.
Configure a web identity federation role within IAM to enable access to the correct DynamoDB resources and retrieve temporary
credentials.
D.
Store AWS keys in global variables within your application and configure the application to use these credentials when making requests.
Agreed C
A. C is wrong no web identity federation
You’re wrong. C is correct answer.
Despite you are able to create s3 roles, it is used for s3 replication only. And you can’t attach role to a bucket.
C may be right.
A is intentionally poorly worded. Cant assign role to S3 bucket. You can create a role to give access to S3 bucket, but cant assign to a S3 bucket.