AWS Certified Solutions Architect – Associate (SAA-C03) — Question 855
A company manages a data lake in an Amazon S3 bucket that numerous applications access. The S3 bucket contains a unique prefix for each application. The company wants to restrict each application to its specific prefix and to have granular control of the objects under each prefix.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Create dedicated S3 access points and access point policies for each application.
- B. Create an S3 Batch Operations job to set the ACL permissions for each object in the S3 bucket.
- C. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create replication rules by prefix.
- D. Replicate the objects in the S3 bucket to new S3 buckets for each application. Create dedicated S3 access points for each application.
Correct answer: A
Explanation
Amazon S3 Access Points simplify access management for shared buckets: each access point has a unique hostname and a dedicated access policy that can be scoped to a specific prefix, which minimizes management complexity. Managing access control lists (ACLs) via S3 Batch Operations is operationally intensive, and ACLs are not a recommended modern practice. Replicating data to separate buckets for each application introduces unnecessary storage duplication, increased costs, and extra management overhead.