AWS Certified Solutions Architect Associate SAA-C03 Practice Question

An organization wants to allow an application running on EC2 instances fleet in their AWS account to access objects in an S3 bucket located in another AWS account. The S3 bucket contains confidential data that must be securely accessed. The organization wants to ensure that the application has only the required permissions to access the specific S3 bucket and objects. What is the most secure and flexible way to achieve this?

  • Create an IAM user in the S3 bucket's account and store its access keys on the EC2 instances to allow access to the bucket.

  • Copy the objects from the S3 bucket in the other account to an S3 bucket in the EC2 instance's account, and give the EC2 instances access to the local bucket.

  • Use an IAM role on the EC2 instances with permissions to access the S3 bucket, and set up cross-account access using a resource-based policy on the S3 bucket.

  • Configure the EC2 instance's security group to allow outbound traffic to the S3 bucket's VPC endpoint.

AWS Certified Solutions Architect Associate SAA-C03
Design Secure Architectures
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Bash, the Crucial Exams Chat Bot
AI Bot