A developer is deploying on application on Amazon EC2 instances that run in Account A. In certain cases, this application needs to read data from a private
Amazon S3 bucket in Account B. The developer must provide the application access to the S3 bucket without exposing the S3 bucket to anyone else.
Which combination of actions should the developer take to meet these requirements? (Choose two.)

A. Create an IAM role with S3 read permissions in Account B.

B. Update the instance profile IAM role in Account A with S3 read permissions.

C. Make the S3 bucket public with limited access for Account A.

D. Configure the bucket policy in Account B to grant permissions to the instance profile role.

E. Add a trust policy that allows s3:Get* permissions to the IAM rote in Account B.






 

Suggested Answer: AB

Community Answer: BD




This question is in DVA-C01 AWS Certified Developer – Associate Exam
For getting AWS Certified Developer – Associate Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.