Regarding the question Category: CSAA – Design Secure Applications and Architect
vinodache updated 3 years, 4 months ago 2 Members · 3 Posts -
Original Question:
A tech company that you are working for has undertaken a Total Cost Of Ownership (TCO) analysis evaluating the use of Amazon S3 versus acquiring more storage hardware. The result was that all 1200 employees would be granted access to use Amazon S3 for storage of their personal documents.
Which of the following will you need to consider so you can set up a solution that incorporates single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket? (Select TWO.)
Query: The choices do not talk of bucket access control. Shouldn’t the answer have bucket access control to ensure the access for each user is restricted to their own folder? This does not seem to be displayed in the choices.
-
Hello vinodache,
Thanks for your feedback.
I’m assuming you mean bucket policy. A bucket policy and IAM policy can be used to authenticate access to an S3 bucket. If there’s no bucket policy attached to a bucket, S3 will get its information about who can access and which objects can be accessed from the IAM Policy of the user calling the action. It’s actually a matter of preference. But as long as the question goes and the requirements it’s asking, the given correct answers are valid.
You may refer to this policy evaluation logic diagram:
https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
Let me know what you think.
Thanks & Regards,
Carlo @ Tutorials Dojo
- This reply was modified 3 years, 4 months ago by Carlo-TutorialsDojo.
-
Hi Carlo, thank you for your response. I thought the IAM Policy can be used to access at Bucket level and not at Bucket folder level. But your answer clarifies that IAM policy can be used at bucket folder level as well.
Thanks for clarifying,
Warm regards
Vinod
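
Added example, not part of the original thread or of the practice exam: a sketch of an identity-based IAM policy that limits each user to their own folder in one bucket, plus a simplified local check of what it permits. The bucket name `EXAMPLE-BUCKET`, the `home/` prefix, the helper names, and the use of IAM user identities (the `${aws:username}` policy variable) are assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

BUCKET = "EXAMPLE-BUCKET"  # placeholder bucket name (assumption)

def home_folder_policy(bucket=BUCKET, root="home"):
    """Identity-based policy limiting each IAM user to <root>/<username>/."""
    folder = f"{root}/${{aws:username}}"  # renders as home/${aws:username}
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Listing is a bucket-level action, so the folder limit
                # is expressed as a condition on the s3:prefix key.
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}"],
                "Condition": {"StringLike": {"s3:prefix": [f"{folder}/*"]}},
            },
            {   # Object-level actions are limited through the object ARN.
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/{folder}/*"],
            },
        ],
    }

def is_allowed(policy, username, action, resource, prefix=None):
    """Simplified check covering only the constructs used above.
    Not the full IAM evaluation logic: no explicit Deny, no bucket
    policy, no permission boundaries or SCPs."""
    def sub(s):
        return s.replace("${aws:username}", username)
    for st in policy["Statement"]:
        if st["Effect"] != "Allow" or action not in st["Action"]:
            continue
        if not any(fnmatchcase(resource, sub(r)) for r in st["Resource"]):
            continue
        patterns = st.get("Condition", {}).get("StringLike", {}).get("s3:prefix")
        if patterns is not None:
            # A condition key missing from the request does not match.
            if prefix is None or not any(fnmatchcase(prefix, sub(p)) for p in patterns):
                continue
        return True
    return False  # nothing matched: implicit deny

if __name__ == "__main__":
    print(json.dumps(home_folder_policy(), indent=2))
```

With no bucket policy attached, this identity policy alone decides access, and anything it does not allow falls through to the implicit deny.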