DVA-C02 · Question #125
A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses IAM permissions to restrict access to the S3 bucket. The customers can access only their
The correct answer is A. Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition. This solution enforces encryption in transit for interactions with Amazon S3 by denying access to the S3 bucket if the request is not made over an HTTPS connection. This condition can be enforced by using the "aws:SecureTransport" condition key in a bucket policy.
Question
A company is providing read access to objects in an Amazon S3 bucket for different customers. The company uses IAM permissions to restrict access to the S3 bucket. The customers can access only their own files. Due to a regulation requirement, the company needs to enforce encryption in transit for interactions with Amazon S3. Which solution will meet these requirements?
Options
- AAdd a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition
- BAdd a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal
- CAdd an IAM policy to the IAM users to enforce the usage of the AWS SDK.
- DAdd an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl condition is
How the community answered
(51 responses)- A82% (42)
- B2% (1)
- C10% (5)
- D6% (3)
Explanation
This solution enforces encryption in transit for interactions with Amazon S3 by denying access to the S3 bucket if the request is not made over an HTTPS connection. This condition can be enforced by using the "aws:SecureTransport" condition key in a bucket policy.
Community Discussion
No community discussion yet for this question.