  • Confusion regarding S3 access using IAM

  • Rumman

    Member
    November 25, 2020 at 2:01 am

    *** *** *** *** *** *** *** *** *** *** ***
    In the question Topic-Based – IAM (SA-Associate)

    Category: CSAA – Design Secure Applications and Architectures

    A tech company that you are working for has undertaken a Total Cost Of Ownership (TCO) analysis evaluating the use of Amazon S3 versus acquiring more storage hardware. The result was that all 1200 employees would be granted access to use Amazon S3 for storage of their personal documents.

    Which of the following will you need to consider so you can set up a solution that incorporates a single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket? (Select TWO.)

    —- —- —-

    The correct answer is given

    – Configure an IAM role and an IAM Policy to access the bucket.
    – Set up a Federation proxy or an Identity provider, and use AWS Security Token Service to generate temporary tokens.

    *** *** *** *** *** *** *** *** *** *** ***

    I am wondering how this will grant each individual user access to a dedicated user folder? What I understood is that each user will need to have access to their own folder, as the documents will be personal. It seems like this will give access to the whole bucket or one common folder in the bucket.

  • Gerome-TutorialsDojo

    Member
    November 25, 2020 at 7:37 am

    Hello Raúl,

    Thanks for the reply.

    Your question is: “is it possible to grant access to each individual user a dedicated user folder?”

    – Yes, it is possible. You must configure an IAM role and an IAM Policy first to restrict the access of each individual user to a designated user folder in an S3 bucket. The purpose of the IAM role is to provide temporary credentials for the 1200 employees.

    – Based on the provided explanation in the scenario, were you able to view the reference links as well?

    You’ll see there a link to the official AWS blog on which we based this scenario. Kindly check it, and if you’re still in doubt, feel free to let me know.

    You can also check this official AWS premium support article.

    https://aws.amazon.com/premiumsupport/knowledge-center/iam-s3-user-specific-folder/

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!

    Regards,

    Gerome @ Tutorials Dojo
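
Added example, not part of the original thread or of Tutorials Dojo's material: one way a federation proxy could confine each employee's temporary credentials to their own folder is to pass a per-user session policy as the `Policy` parameter of the STS `AssumeRole` call. The bucket name, the `home/<username>/` layout and the helper names are assumptions, and `is_allowed` is a simplified stand-in for IAM policy evaluation.

```python
import fnmatch
import json
import re

# Assumption: directory usernames are limited to this safe set. Characters such
# as "*", "?", "/" or "$" would change what the ARN pattern matches.
_SAFE_USER = re.compile(r"^[A-Za-z0-9._-]{1,64}$")

def build_session_policy(bucket, username):
    """Return a policy dict scoped to home/<username>/ in the given bucket."""
    if not _SAFE_USER.match(username) or username in (".", ".."):
        raise ValueError("unsafe username: %r" % username)
    prefix = "home/%s/" % username  # hypothetical folder layout
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so it is limited by prefix.
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": ["arn:aws:s3:::%s" % bucket],
                "Condition": {"StringLike": {"s3:prefix": [prefix + "*"]}},
            },
            {   # Object actions are limited by the object ARN itself.
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": ["arn:aws:s3:::%s/%s*" % (bucket, prefix)],
            },
        ],
    }

def is_allowed(policy, action, resource, s3_prefix=None):
    """Simplified check: Allow statements, wildcards, s3:prefix StringLike only."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in stmt["Resource"]):
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns is not None and not any(
                s3_prefix is not None and fnmatch.fnmatchcase(s3_prefix, p)
                for p in patterns):
            continue
        return True
    return False

if __name__ == "__main__":
    # Constructed sample values; the JSON is what the proxy would hand to STS.
    print(json.dumps(build_session_policy("example-corp-docs", "alice"), indent=2))
```

The trailing slash in the prefix matters: without it, a policy for `alice` would also match a folder named `alice2`.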

  • Rumman

    Member
    November 25, 2020 at 8:27 am

    Thanks. That resolved my questions.
