AWS Certified AI Practitioner (AIF-C01) — Question 56

A company wants to develop a large language model (LLM) application by using Amazon Bedrock and customer data that is uploaded to Amazon S3. The company's security policy states that each team can access data for only the team's own customers.
Which solution will meet these requirements?

Answer options

• A. Create an Amazon Bedrock custom service role for each team that has access to only the team's customer data.
• B. Create a custom service role that has Amazon S3 access. Ask teams to specify the customer name on each Amazon Bedrock request.
• C. Redact personal data in Amazon S3. Update the S3 bucket policy to allow team access to customer data.
• D. Create one Amazon Bedrock role that has full Amazon S3 access. Create IAM roles for each team that have access to only each team's customer folders.

Correct answer: A

Explanation

Option A is correct because creating a custom service role for each team ensures that access is limited to only their specific customer data, adhering to the security policy. Options B and C do not guarantee that teams will only access their own customers' data, potentially violating the security policy. Option D provides broader access than necessary, as a single role with full access can lead to data leakage between teams.