Which approach will limit the access of the third party software to only the Amazon S3 bucket named "companybackup"?

A customer wants to leverage Amazon Simple Storage Service (S3) and Amazon Glacier as part of their backup
and archive infrastructure. The customer plans to use third-party software to support this integration. Which
approach will limit the access of the third party software to only the Amazon S3 bucket named “companybackup”?

A.
A custom bucket policy limited to the Amazon S3 API in the Amazon Glacier archive “company-backup”

B.
A custom bucket policy limited to the Amazon S3 API in “company-backup”

C.
A custom IAM user policy limited to the Amazon S3 API for the Amazon Glacier archive “company-backup”.

D.
A custom IAM user policy limited to the Amazon S3 API in “company-backup”.




networkmanagers

D

donkeynuts

I'm not sure why everyone is saying D? This mentions a third-party software that wants access to S3, hence there is no IAM role?

mutiger91

The question is a bit vague about the design of the solution. Does it make more sense if you assume that the 3rd party software is running on your EC2 server and accesses the API through permissions from an IAM role assigned to your EC2 instance?

vladam

B is not the right answer because it doesn’t mention that you need to have an IAM user.

Right answer is D.

Kranthi Kumar Katepalli

Answer is D, as the question specifies “will limit the access of the third party software to “only” the Amazon S3 bucket named “companybackup””. As it's a third-party software, we need an access role to be assigned in order to access AWS.

Jacky

D is wrong because a policy can't be set on a specific resource, only on a resource type.

Bob

B or D….

A and C are wrong because it limits access to Glacier

B and D can both limit access at the bucket level.
A bucket policy needs an (existing) principal; a user policy needs an (existing) user/group/role.

https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/

Strictly answering the question, seems to me both can do the job (both assuming either principal or user/group/role exists).

But when taking into account Glacier access will be part of the solution at some time, it seems logical to manage access in one location where both can be managed; IAM

Therefore would choose D
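To make the B-versus-D distinction from the thread concrete, here is an added example (not part of the original thread or of any AWS documentation) showing what an IAM user policy scoped to only the “companybackup” bucket looks like next to the equivalent bucket policy, plus a deliberately minimal policy evaluator. The account id `123456789012`, the IAM user name `backup-software`, the chosen S3 actions and the object keys used in the checks are all constructed for the illustration. The evaluator models only Action/Resource matching with IAM's default implicit deny and explicit-deny-wins rule; conditions and principal matching are left out.

```python
import fnmatch

BUCKET = "companybackup"

# Identity-based policy attached to the IAM user whose access keys the
# third-party backup software uses (option D in the question).
# Note the two resource forms: the bucket ARN for bucket-level actions such
# as ListBucket, and bucket/* for object-level actions.
IAM_USER_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListOnlyTheBackupBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
            "Resource": f"arn:aws:s3:::{BUCKET}",
        },
        {
            "Sid": "ObjectAccessOnlyInBackupBucket",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        },
    ],
}

# Resource-based (bucket) policy granting the same access (option B).
# A bucket policy must name the principal it grants to; the account id and
# user name below are placeholders, not values from the thread.
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowBackupSoftwareUser",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:user/backup-software"},
            "Action": ["s3:ListBucket", "s3:GetBucketLocation",
                       "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
        }
    ],
}


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource_arn):
    """Minimal IAM-style evaluation: implicit deny by default, an explicit
    Deny in any statement overrides every Allow. IAM wildcards (* and ?)
    are matched with fnmatchcase, which is case-sensitive like IAM."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def resources_outside_bucket(policy, bucket):
    """Review helper: list every Resource entry in Allow statements that is
    not the bucket ARN itself or an object ARN inside it. An empty list
    means the policy really is limited to the named bucket."""
    ok = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    leaks = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        leaks.extend(r for r in _as_list(stmt["Resource"]) if r not in ok)
    return leaks


if __name__ == "__main__":
    # Constructed requests the backup software might make.
    for policy_name, policy in (("IAM user policy", IAM_USER_POLICY),
                                ("bucket policy", BUCKET_POLICY)):
        print(policy_name, "scoped to", BUCKET, "->",
              "yes" if not resources_outside_bucket(policy, BUCKET) else "NO")
        print("  PutObject into companybackup/db.tar:",
              is_allowed(policy, "s3:PutObject", f"arn:aws:s3:::{BUCKET}/db.tar"))
        print("  GetObject from another bucket:",
              is_allowed(policy, "s3:GetObject", "arn:aws:s3:::companybackup-other/x"))
```

The `resources_outside_bucket` check is the part a reviewer of either option actually wants: a policy whose Resource is `*` or `arn:aws:s3:::*` would pass the “uses the S3 API” wording of the answer choices but fail the “only the companybackup bucket” requirement, and this helper flags exactly that.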