AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 47

A DevOps engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using S3 cross-Region replication functionality. The objects need to be copied to a target bucket in a different AWS Region and account.
Which combination of actions should be performed to enable this replication? (Choose three.)

Answer options

• A. Create a replication IAM role in the source account
• B. Create a replication I AM role in the target account.
• C. Add statements to the source bucket policy allowing the replication IAM role to replicate objects.
• D. Add statements to the target bucket policy allowing the replication IAM role to replicate objects.
• E. Create a replication rule in the source bucket to enable the replication.
• F. Create a replication rule in the target bucket to enable the replication.

Correct answer: A, D, E

Explanation

The correct actions to enable cross-Region replication include creating a replication IAM role in the source account (A), modifying the target bucket policy to allow the replication IAM role to replicate objects (D), and establishing a replication rule in the source bucket (E). Options B and F are incorrect because the IAM role needs to be created in the source account only, and no replication rule is required in the target bucket.