CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free AWS Certified Solutions Architect Associate SAA-C03 Practice Question

To enable a serverless code execution service in Account A to interact with object storage in Account B, which approach should be used to most securely grant the required permissions in line with best practices?

  • Create an IAM role in Account B with the proper permissions for object storage and establish a trust relationship allowing the serverless function's role in Account A to assume this role.

  • Set up a role in Account B granting full access to the object storage and define a broad trust policy that permits the assumption of this role by other identities, relying on additional service-specific policies in Account A to enforce restrictions.

  • Generate access keys for a user in Account B, store them as environmental variables for the serverless function in Account A, and use these keys within the function to access the object storage.

  • Configure the object storage in Account B to be publicly accessible and regulate access using resource-based policies that check the request origin.

This question's topic:
AWS Certified Solutions Architect Associate SAA-C03 / 
Design Secure Architectures
Your Score:
Design Secure Architectures
Design Resilient Architectures
Design High-Performing Architectures
Design Cost-Optimized Architectures