A company has application logs from AWS accounts in an organization in AWS Organizations. A security engineer is copying these logs to a centralized Amazon S3 bucket in the security team’s AWS account.
Each of the company’s applications is in its own AWS account. Logs are encrypted and pushed into S3 buckets that are associated with each account.
The security engineer deploys an AWS Lambda function into each account to copy the relevant log files to the centralized S3 bucket. The Lambda function can copy the log files in the centralized S3 bucket.
The Lambda function’s IAM execution role policy from the security team’s AWS account is the following:
The centralized S3 bucket policy is the following:
The security engineer needs to remove excess permissions while ensuring the functionality of the solution.
Which changes to the policies meet these requirements? (Choose two.)
A. Update the centralized S3 bucket policy to the following:
B. Update the centralized S3 bucket policy to the following:
C. Update the Lambda IAM execution role policy to the following:
D. Update the Lambda IAM execution role policy to the following:
E. Update the Lambda IAM execution role policy to the following:
Suggested Answer: AE
Community Answer: BD
This question is in SCS-C01 AWS Certified Security – Specialty Exam
For getting AWS Certified Security – Specialty Certificate
Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.
