AWS Certified SysOps Administrator – Associate (legacy) — Question 349

A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?

Answer options

• A. IAM User ID
• B. S3 Secure ID
• C. Access ID
• D. Canonical user ID

Correct answer: D

Explanation

To grant S3 permissions to another AWS account using an Access Control List (ACL), you must identify the recipient account using its 64-character hexadecimal Canonical User ID. Other identifiers, such as IAM User IDs or Access IDs, are not supported for this purpose in S3 bucket ACLs, and 'S3 Secure ID' is not a valid AWS identifier.