You need to configure an Amazon S3 bucket to serve static assets for your public-facing web application.
Which methods ensure that all objects uploaded to the bucket are set to public read? Choose 2 answers
A.
Set permissions on the object to public read during upload.
B.
Configure the bucket ACL to set all objects to public read.
C.
Configure the bucket policy to set all objects to public read.
D.
Use AWS Identity and Access Management roles to set the bucket to public read.
E.
Amazon S3 objects default to public read, so no action is needed.
B and C
“you must grant read permission on the specific objects to make them publicly accessible so that your users can view them on your website. You make objects publicly readable by using either the object ACL or by writing a bucket policy.”
Source: https://aws.amazon.com/articles/5050
object ACL not bucket ACL
i guess A and C
A is not wrong
C is not wrong
B may be wrong (ACLs identify which AWS account or groups are allowed to perform what kind of actions https://aws.amazon.com/articles/5050)
B is Wrong:
AC are correct.
https://aws.amazon.com/articles/5050
You can use ACLs to grant permissions to individual AWS accounts; however, it is strongly recommended that you do not grant public access to your bucket using an ACL.
So the recommended approach is create bucket policy, but not ACL.
Following link give you an example about how to make the bucket content public.
http://docs.aws.amazon.com/AmazonS3/latest/dev/HostingWebsiteOnS3Setup.html#step2-add-bucket-policy-make-content-public
Correct answer is AC
A and C
B is Wrong as Below:
The website shares only the objects in your bucket that are publicly readable. This does not require that you to add any grants to your bucket ACL to provide any public access permissions. Therefore, it is strongly recommended that you remove any public access grants in your bucket ACL so that your bucket is protected from a potentially malicious user performing operations like listing all your objects, modifying objects or changing your ACLs. Follow the steps in the preceding section to remove an ACL grant that identifies everyone or the authenticated users group as the grantee.
AC
Ac
AC
AC is correct
BC
A and C are correct answer.
Answers:
B
C
https://aws.amazon.com/articles/5050
Did anyone , gave the exam recently …?
AC
The answer is B & D.
B is for Access Control List for all objects read permission
D is to create a role for S3ReadOnly policy
B,C
You must grant read permission on the specific objects to make them publicly accessible so that your users can view them on your website. You make objects publicly readable by using either the object ACL or by writing a bucket policy.” Source: https://aws.amazon.com/articles/5050
can anyone verify the answer again
Its A and C
Answer is A and C because:
A. Set permissions on the object to public read during upload. ### This will ensure all objects are readable irrespective of Bucket ACL
B. Configure the bucket ACL to set all objects to public read ### Bucket ACL configuration does not impact the Object read permission. You still have to individually set object read permission even if you set Bucket ACL to Read.
C. Configure the bucket policy to set all objects to public read. ### Best method. This does not require you to set individual object permission for public access. All existing and new objects will automatically be public read enabled if you set the bucket policy right.
D and E are wrong.