AWS Certified Security - Specialty (SCS-C01)

Why take this course?
Based on the scenario provided, the most appropriate answer is D) Enable a cross-account S3 Access Point (the answer key's "Cross-Account Access Point (CAP)") with proper permissions and HTTPS (encrypted) endpoints. Here's why:
A) AWS Organizations: Organizations provides centralized account management and service control policies, but it does not by itself grant or secure access to an S3 bucket from another account.
B) Bucket Policies: A bucket policy can grant cross-account permissions and can reject non-TLS requests with a Deny statement conditioned on aws:SecureTransport, but a single bucket policy becomes hard to maintain as the number of consuming accounts and access patterns grows; that ever-growing shared policy is the problem access points were designed to solve.
C) Data Lifecycle Policies: Lifecycle rules automate storage-class transitions and expiration of objects within a bucket; they have nothing to do with who can access the data or how it travels between accounts.
D) S3 Access Point with proper permissions and encrypted endpoints: An access point is a named endpoint attached to the bucket with its own policy, so the partner account's permissions live in that access point policy while the bucket policy simply delegates to access points owned by the bucket account (the s3:DataAccessPointAccount condition). Requests use the access point's HTTPS endpoint, a Deny conditioned on aws:SecureTransport blocks plaintext access, and the access point can additionally be restricted to a specific VPC. This meets the requirement without one monolithic bucket policy and without forcing all traffic through VPC endpoints, which adds cost and routing complexity.
E) VPC Endpoint for S3: A VPC endpoint keeps traffic on the AWS network, but it does not by itself enforce TLS or grant cross-account permissions, and it adds routing and endpoint-policy management that is unnecessary when the access point already provides an HTTPS endpoint and TLS is enforced by policy.
Therefore, D) is the best answer: it provides a secure and maintainable way to share an S3 bucket across accounts while ensuring data is encrypted in transit.
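The following is an added example, not material from the course page or from AWS: it builds the two policies that answer D implies (a bucket policy that delegates to the owner's access points, and an access point policy that grants one partner account read access, both with a Deny on aws:SecureTransport) and runs constructed requests through a simplified model of IAM evaluation (explicit Deny wins, then Allow, otherwise implicit deny). The account IDs, bucket name, access point ARN and object keys are placeholders, and the evaluator only understands the Bool and StringEquals condition operators used here.

```python
"""Cross-account S3 sharing through an access point, with TLS enforced.

Added example. Account IDs, bucket and access point names are placeholders;
the evaluator is a simplified model of IAM logic, not the real service."""
import fnmatch
import json

OWNER_ACCOUNT = "111122223333"    # bucket owner (placeholder)
PARTNER_ACCOUNT = "444455556666"  # consuming account (placeholder)
BUCKET_ARN = "arn:aws:s3:::example-shared-bucket"
AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/partner-ap"

# Shared Deny statement: applies whenever the request did not arrive over TLS.
DENY_PLAINTEXT = {
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": {"AWS": "*"},
    "Action": "s3:*",
    "Condition": {"Bool": {"aws:SecureTransport": "false"}},
}


def build_bucket_policy():
    """Delegate authorization to access points owned by this account (the
    s3:DataAccessPointAccount pattern) and refuse plaintext HTTP."""
    resources = [BUCKET_ARN, BUCKET_ARN + "/*"]
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DelegateToAccessPoints", "Effect": "Allow",
         "Principal": {"AWS": "*"}, "Action": "*", "Resource": resources,
         "Condition": {"StringEquals": {"s3:DataAccessPointAccount": OWNER_ACCOUNT}}},
        dict(DENY_PLAINTEXT, Resource=resources),
    ]}


def build_access_point_policy():
    """Grant the partner account read-only access through the access point."""
    resources = [AP_ARN, AP_ARN + "/object/*"]
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "PartnerReadOnly", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{PARTNER_ACCOUNT}:root"},
         "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": resources},
        dict(DENY_PLAINTEXT, Resource=resources),
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, request_principal):
    if principal == "*":
        return True
    allowed = _as_list(principal.get("AWS", []))
    return "*" in allowed or request_principal in allowed


def _condition_matches(condition, context):
    """Bool and StringEquals only; a missing context key never matches."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual not in _as_list(expected):
                    return False
            else:
                raise ValueError(f"unsupported condition operator {operator}")
    return True


def evaluate(policy, request):
    """Simplified IAM decision: explicit Deny wins, then Allow, else ImplicitDeny."""
    outcome = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not _principal_matches(stmt["Principal"], request["principal"]):
            continue
        if not any(fnmatch.fnmatchcase(request["action"], a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(request["resource"], r) for r in _as_list(stmt["Resource"])):
            continue
        if not _condition_matches(stmt.get("Condition", {}), request["context"]):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        outcome = "Allow"
    return outcome


def check_via_access_point(account, action, key, secure):
    """A request through the access point must pass both policies."""
    context = {"aws:SecureTransport": "true" if secure else "false",
               "s3:DataAccessPointAccount": OWNER_ACCOUNT}
    principal = f"arn:aws:iam::{account}:root"
    ap = evaluate(build_access_point_policy(), {"principal": principal, "action": action,
                                                "resource": f"{AP_ARN}/object/{key}", "context": context})
    bucket = evaluate(build_bucket_policy(), {"principal": principal, "action": action,
                                              "resource": f"{BUCKET_ARN}/{key}", "context": context})
    return "Allow" if ap == "Allow" and bucket == "Allow" else "Deny"


def check_direct_to_bucket(account, action, key, secure):
    """A request that bypasses the access point carries no s3:DataAccessPointAccount."""
    context = {"aws:SecureTransport": "true" if secure else "false"}
    return evaluate(build_bucket_policy(), {"principal": f"arn:aws:iam::{account}:root",
                                            "action": action, "resource": f"{BUCKET_ARN}/{key}",
                                            "context": context})


if __name__ == "__main__":
    print(json.dumps(build_access_point_policy(), indent=2))
    print(check_via_access_point(PARTNER_ACCOUNT, "s3:GetObject", "reports/q1.csv", secure=True))
    print(check_via_access_point(PARTNER_ACCOUNT, "s3:GetObject", "reports/q1.csv", secure=False))
```

The point the evaluator makes concrete: the partner's read over HTTPS through the access point is allowed, the same read over plain HTTP is explicitly denied by both policies, a write or a third account is implicitly denied at the access point, and a request that goes straight to the bucket URL finds no Allow at all, because the bucket policy only delegates to the owner's access points.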