AWS Certified Solutions Architect – Professional (SAP-C02) — Question 100
A publishing company's design team updates the icons and other static assets that an ecommerce web application uses. The company serves the icons and assets from an Amazon S3 bucket that is hosted in the company's production account. The company also uses a development account that members of the design team can access.
After the design team tests the static assets in the development account, the design team needs to load the assets into the S3 bucket in the production account. A solutions architect must provide the design team with access to the production account without exposing other parts of the web application to the risk of unwanted changes.
Which combination of steps will meet these requirements? (Choose three.)
Answer options
- A. In the production account, create a new IAM policy that allows read and write access to the S3 bucket.
- B. In the development account, create a new IAM policy that allows read and write access to the S3 bucket.
- C. In the production account, create a role. Attach the new policy to the role. Define the development account as a trusted entity.
- D. In the development account, create a role. Attach the new policy to the role. Define the production account as a trusted entity.
- E. In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the production account.
- F. In the development account, create a group that contains all the IAM users of the design team. Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the development account.
Correct answer: A, C, E
Explanation
The correct steps are to create, in the production account, an IAM policy that grants read and write access to the S3 bucket only (A); to create, in the production account, a role that carries that policy and names the development account as its trusted entity (C); and to create, in the development account, a group of the design team's IAM users with a policy that allows the sts:AssumeRole action on the production role (E). Because the role's permissions are limited to the one bucket, the design team can load assets without being able to change other parts of the web application. Options B and D are incorrect because they either place the policy or role in the wrong account or do not meet the requirement of granting access without exposing the entire application. Option F is incorrect because it allows sts:AssumeRole on a role in the development account, which gives no access to the production bucket.
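As an added example (not part of the exam page), the three policy documents behind options A, C and E as Python dicts, using placeholder account IDs, bucket and role names, plus a check that the production-side permissions policy stays scoped to the asset bucket and to S3 actions.

```python
import json

# Constructed placeholder identifiers (not from the original question).
PROD_ACCOUNT_ID = "111111111111"
DEV_ACCOUNT_ID = "222222222222"
BUCKET = "example-static-assets"
ROLE_NAME = "DesignTeamAssetUploadRole"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"


def asset_bucket_policy():
    """Step A: permissions policy in the production account, limited to one bucket."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": BUCKET_ARN},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
         "Resource": f"{BUCKET_ARN}/*"},
    ]}


def role_trust_policy():
    """Step C: trust policy on the production role naming the development account.
    Trusting the account root delegates the choice of which users may assume the
    role to the development account's own IAM policies (step E)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{DEV_ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole"}]}


def design_team_group_policy():
    """Step E: policy on the design-team group in the development account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Resource": f"arn:aws:iam::{PROD_ACCOUNT_ID}:role/{ROLE_NAME}"}]}


def scope_violations(policy):
    """Return Allow statements that reach beyond the asset bucket (non-S3 actions,
    wildcard resources, or resources outside the bucket and its objects)."""
    in_bucket = lambda r: r == BUCKET_ARN or r.startswith(BUCKET_ARN + "/")
    bad = []
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if stmt["Effect"] == "Allow" and (any(not a.startswith("s3:") for a in actions)
                                         or any(not in_bucket(r) for r in resources)):
            bad.append(stmt)
    return bad


if __name__ == "__main__":
    for name, doc in [("A", asset_bucket_policy()), ("C", role_trust_policy()),
                      ("E", design_team_group_policy())]:
        print(name, json.dumps(doc, indent=2))
```

Run the scope check on any policy attached to the production role before it is deployed; a non-empty result means the role could touch more than the asset bucket.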