DVA-C02 · Question #801
A developer for a company uses an Amazon S3 bucket to store log files. A bucket policy on the S3 bucket denies all write and delete operations for all principles. The developer observes that files hav
The correct answer is B. Remove any S3 Lifecycle configuration rules on the bucket that are expiring objects.. S3 Lifecycle configuration rules operate independently of bucket policies and can delete or expire objects even when write and delete actions are denied by policy. Removing lifecycle rules that expire objects prevents further automated deletions from the bucket.
Question
A developer for a company uses an Amazon S3 bucket to store log files. A bucket policy on the S3 bucket denies all write and delete operations for all principles. The developer observes that files have been deleted from the S3 bucket despite the bucket policy. The developer must prevent additional deletions from the S3 bucket. Which solution will meet this requirement?
Options
- ARemove any existing statements in the S3 bucket policy that allow delete operations.
- BRemove any S3 Lifecycle configuration rules on the bucket that are expiring objects.
- CRemove any S3 access points on the S3 bucket other company employees use.
- DRemove any Amazon EventBridge event bus rules that delete S3 objects from the S3 bucket.
How the community answered
(54 responses)- A4% (2)
- B78% (42)
- C13% (7)
- D6% (3)
Explanation
S3 Lifecycle configuration rules operate independently of bucket policies and can delete or expire objects even when write and delete actions are denied by policy. Removing lifecycle rules that expire objects prevents further automated deletions from the bucket.
Community Discussion
No community discussion yet for this question.