You need to configure an Amazon S3 bucket to serve static assets for your public-facing web
application. Which methods ensure that all objects uploaded to the bucket are set to public
read? Choose 2 answers
A.
Set permissions on the object to public read during upload.
B.
Configure the bucket ACL to set all objects to public read.
C.
Configure the bucket policy to set all objects to public read.
D.
Use AWS Identity and Access Management roles to set the bucket to public read.
E.
Amazon S3 objects default to public read, so no action is needed.
Explanation:
https://aws.amazon.com/articles/5050
You can use ACLs to grant permissions to individual AWS accounts; however, it is strongly
recommended that you do not grant public access to your bucket using an ACL.
So the recommended approach is create bucket policy, but not ACL.
Following link give you an example about how to make the bucket content public.
http://docs.aws.amazon.com/AmazonS3/latest/dev/HostingWebsiteOnS3Setup.html#step2-
add-bucket-policy-make-content-public
The question asks “Which methods ensure that all objects uploaded to the bucket are set to public read”, not “what is the best practice of securing your S3 files”. To me “B” is looking more appropriate than “A”.
Bucket ACLs can only affect reads by IAM users. This is customer facing.
A&C
The question does not asks about recommended approach. It is clearly possible to provide public access to all the objects in a bucket using ACL:https://docs.aws.amazon.com/AmazonS3/latest/user-guide/set-bucket-permissions.html
Public access
To grant access to your bucket to the general public (everyone in the world), under Public access, choose Everyone. Granting public access permissions means that anyone in the world can access the bucket.
So the answer is B and C