AWS Certified Cloud Practitioner — Question 770

A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data.

Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

Answer options

• A. Security groups
• B. Amazon CloudWatch
• C. AWS CloudTrail
• D. ACLs

Correct answer: D

Explanation

Access Control Lists (ACLs) allow you to manage access to S3 buckets and objects by defining which AWS accounts or groups are granted read and write permissions. Security groups act as virtual firewalls for EC2 instances and cannot be applied directly to S3 buckets, while Amazon CloudWatch and AWS CloudTrail are logging and monitoring services rather than access control mechanisms.