
  • Regarding the question Category: CSAA – Design Secure Applications and Architect

  • vinodache

    May 10, 2021 at 8:15 pm

    Original Question:

    A tech company that you are working for has undertaken a Total Cost Of Ownership (TCO) analysis evaluating the use of Amazon S3 versus acquiring more storage hardware. The result was that all 1200 employees would be granted access to use Amazon S3 for storage of their personal documents.

    Which of the following will you need to consider so you can set up a solution that incorporates single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket? (Select TWO.)

    Query: The choices do not talk of bucket access control. Shouldn’t the answer have bucket access control to ensure the access for each user is restricted to their own folder? This does not seem to be displayed in the choices.

  • Carlo-TutorialsDojo

    May 15, 2021 at 4:28 am

    Hello vinodache,

    Thanks for your feedback.

    I’m assuming you mean bucket policy. A bucket policy and IAM policy can be used to authenticate access to an S3 bucket. If there’s no bucket policy attached to a bucket, S3 will get its information about who can access and which objects can be accessed from the IAM Policy of the user calling the action. It’s actually a matter of preference. But as far as the question goes and the requirements it’s asking, the given correct answers are valid.

    You may refer to this policy evaluation logic diagram:


    Let me know what you think

    Thanks & Regards,

    Carlo @ Tutorials Dojo

  • vinodache

    May 15, 2021 at 10:10 am

    Hi Carlo, thank you for your response. I thought the IAM Policy can be used to access at Bucket level and not at Bucket folder level. But your answer clarifies that IAM policy can be used at bucket folder level as well.

    Thanks for clarifying,

    Warm regards
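
The folder-level restriction discussed in this thread, as an added example that is not part of the original posts: a Python sketch that builds a per-user IAM policy document and checks it with a deliberately simplified matcher. The bucket name `example-corp-docs`, the `home/<username>/` layout, the username character set and both function names are assumptions made for illustration.

```python
import fnmatch
import json
import re

# Assumption: directory usernames are limited to this character set. Rejecting
# anything else keeps IAM wildcards (* and ?) and "/" out of the generated ARNs.
_SAFE_USERNAME = re.compile(r"[A-Za-z0-9._-]{1,64}")


def build_user_folder_policy(bucket, username):
    """Return an IAM policy document limiting a user to home/<username>/ in bucket."""
    if not _SAFE_USERNAME.fullmatch(username):
        raise ValueError(f"unsafe username: {username!r}")
    prefix = f"home/{username}/"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so it is narrowed with s3:prefix.
                "Sid": "ListOwnFolder",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {   # Object actions are narrowed by the object ARN itself.
                "Sid": "ReadWriteOwnObjects",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def is_allowed(policy, action, resource, list_prefix=None):
    """Simplified check of Allow statements only; not the full IAM evaluation logic."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if action not in actions or not fnmatch.fnmatchcase(resource, stmt["Resource"]):
            continue
        patterns = stmt.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns is None or (list_prefix is not None and any(
                fnmatch.fnmatchcase(list_prefix, p) for p in patterns)):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(build_user_folder_policy("example-corp-docs", "alice"), indent=2))
```

The matcher ignores explicit Deny statements, bucket policies and other layers that real IAM evaluation includes, so it only illustrates how the prefix scoping behaves.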

