AWS Certified DevOps Engineer – Professional — Question 52

A DevOps Engineer needs to back up sensitive Amazon S3 objects that are stored within an S3 bucket with a private bucket policy using the S3 cross-region replication functionality. The objects need to be copied to a target bucket in a different AWS Region and account.
Which actions should be performed to enable this replication? (Choose three.)

Answer options

• A. Create a replication IAM role in the source account.
• B. Create a replication IAM role in the target account.
• C. Add statements to the source bucket policy allowing the replication IAM role to replicate objects.
• D. Add statements to the target bucket policy allowing the replication IAM role to replicate objects.
• E. Create a replication rule in the source bucket to enable the replication.
• F. Create a replication rule in the target bucket to enable the replication.

Correct answer: A, D, E

Explanation

The correct answer includes creating a replication IAM role in the source account (A), adding statements to the target bucket policy to allow the replication IAM role to replicate objects (D), and creating a replication rule in the source bucket (E) to enable the replication process. Options B and C are incorrect because the replication role must be established in the source account, and the source bucket policy needs to allow replication, not the target bucket policy.