AWS Certified Security – Specialty (SCS-C02) — Question 4

Company A has an AWS account that is named Account A. Company A recently acquired Company B, which has an AWS account that is named Account B. Company B stores its files in an Amazon S3 bucket. The administrators need to give a user from Account A full access to the S3 bucket in Account B.
After the administrators adjust the IAM permissions for the user in Account A to access the S3 bucket in Account B, the user still cannot access any files in the S3 bucket.
Which solution will resolve this issue?

Answer options

• A. In Account B, create a bucket ACL to allow the user from Account A to access the S3 bucket in Account B.
• B. In Account B, create an object ACL to allow the user from Account A to access all the objects in the S3 bucket in Account B.
• C. In Account B, create a bucket policy to allow the user from Account A to access the S3 bucket in Account B.
• D. In Account B, create a user policy to allow the user from Account A to access the S3 bucket in Account B.

Correct answer: C

Explanation

The correct answer is C because a bucket policy is the most effective way to grant access to the entire S3 bucket for a user from another account. Option A is incorrect as bucket ACLs are less flexible and typically used for individual permissions. Option B is also wrong because object ACLs are meant for specific objects, not the entire bucket. Option D is not suitable since user policies apply to the user in their own account and do not grant cross-account access.