Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

To enable a serverless code execution service in Account A to interact with object storage in Account B, which approach should be used to most securely grant the required permissions in line with best practices?

  • Configure the object storage in Account B to be publicly accessible and regulate access using resource-based policies that check the request origin.

  • Set up a role in Account B granting full access to the object storage and define a broad trust policy that permits the assumption of this role by other identities, relying on additional service-specific policies in Account A to enforce restrictions.

  • Create an IAM role in Account B with the proper permissions for object storage and establish a trust relationship allowing the serverless function's role in Account A to assume this role.

  • Generate access keys for a user in Account B, store them as environment variables for the serverless function in Account A, and use these keys within the function to access the object storage.

This question's topic: AWS Certified Solutions Architect Associate SAA-C03 / Design Secure Architectures