S3 Access Control

5 minutes 5 Questions

S3 Access Control provides mechanisms for controlling who can access your S3 buckets and objects. There are two primary methods: Access Control Lists (ACLs) which allow fine-grained control at the object level, and Bucket Policies that define permissions for an entire bucket. Additionally, you can …

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

A company wants to provide direct read-only access for certain objects in a private Amazon S3 bucket to a third party. Which approach fulfills this requirement?

Create a pre-signed URL Enable CORS on the S3 bucket Use AWS STS to create a temporary token Enable S3 Transfer Acceleration

Correct Answer: Create a pre-signed URL

Creating a pre-signed URL allows you to provide direct read-only access to specific S3 objects in the bucket for a limited time. Other options either do not meet the direct read-only access requirement or compromise security.

Question 2

A company wants to regularly delete old and unused files in an S3 bucket while retaining only the most recent files. Which AWS service should they use to achieve this?

Enable S3 object-level logging and use Athena queries to delete files Enable S3 Inventory and use AWS Glue to delete files Use Amazon S3 Object Lifecycle Policies Deploy a Lambda function to delete the files

Correct Answer: Use Amazon S3 Object Lifecycle Policies

Amazon S3 Object Lifecycle Policies provide a way to automatically manage the lifecycle of objects in an S3 bucket. By creating lifecycle policies, you can define the transitions between storage classes or set rules for object deletion based on object age. This allows you to effectively manage the retention of files in the S3 bucket.

Question 3

A company stores confidential reports in an S3 bucket, and their employees need read access to these files using their company email addresses. Users may change email addresses or leave the company. How can the company grant appropriate access to the S3 files?

Share pre-signed URLs for each file with the employees Use AWS SSO to authenticate users, create an IAM role for the employees with access to the S3 bucket, and link the IAM role to the authenticated users Create an S3 bucket policy with restricted access to users' IP addresses Create IAM credentials for each employee and grant access to the S3 bucket

Correct Answer: Use AWS SSO to authenticate users, create an IAM role for the employees with access to the S3 bucket, and link the IAM role to the authenticated users

Using AWS Single Sign-On (SSO) to authenticate users allows the company to manage and control access based on their email addresses. Employees can use SSO with their company email credentials to obtain temporary AWS IAM role credentials, granting them the necessary S3 permissions. This approach provides flexibility when users change email addresses or leave the company.

🎓 Unlock Premium Access

AWS Certified Solutions Architect - Associate + ALL Certifications

S3 Access Control

Guide for AWS Solution Architect: Amazon S3 Access Control

AWS Certified Solutions Architect - S3 Access Control Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access