AWS Certified Solutions Architect – Associate (SAA-C03) — Question 599

A company collects 10 GB of telemetry data daily from various machines. The company stores the data in an Amazon S3 bucket in a source data account.

The company has hired several consulting agencies to use this data for analysis. Each agency needs read access to the data for its analysts. The company must share the data from the source data account by choosing a solution that maximizes security and operational efficiency.

Which solution will meet these requirements?

Answer options

• A. Configure S3 global tables to replicate data for each agency.
• B. Make the S3 bucket public for a limited time. Inform only the agencies.
• C. Configure cross-account access for the S3 bucket to the accounts that the agencies own.
• D. Set up an IAM user for each analyst in the source data account. Grant each user access to the S3 bucket.

Correct answer: C

Explanation

Configuring cross-account access (Option C) is the most secure and operationally efficient method because it delegates user management to the external agencies while maintaining strict access control via bucket policies. Making the bucket public (Option B) is highly insecure, while creating individual IAM users for external analysts (Option D) introduces significant administrative overhead and security risks. Option A is incorrect because "S3 global tables" is not a valid Amazon S3 feature.