A large company is using AWS Organizations to manage its multi-account AWS environment. According to company policy, all users should have read-level access to a particular Amazon S3 bucket in a central account. The S3 bucket data should not be available outside the organization. A SysOps administrator must set up the permissions and add a bucket policy to the S3 bucket.

Which parameters should be specified to accomplish this in the MOST efficient manner?
A . Specify "*" as the principal and PrincipalOrgId as a condition.
B . Specify all account numbers as the principal.
C . Specify PrincipalOrgId as the principal.
D . Specify the organization's management account as the principal.

Answer: A

Explanation:

Step-by-Step

Understand the Problem:

Ensure all users in the organization have read-level access to a specific S3 bucket. The data should not be accessible outside the organization.

Analyze the Requirements:

Grant read access to users within the organization.

Prevent access from outside the organization.

Evaluate the Options:

Option A: Specify "*" as the principal and PrincipalOrgId as a condition.

This grants access to all AWS principals but restricts it to those within the specified organization using the PrincipalOrgId condition.

Option B: Specify all account numbers as the principal.

This is impractical for a large organization and requires constant updates if accounts are added or removed.

Option C: Specify PrincipalOrgId as the principal.

PrincipalOrgId (the global condition key aws:PrincipalOrgID) is a condition key. It is evaluated in the Condition element of a policy and cannot be placed in the Principal element, so this option is not valid policy syntax.

Option D: Specify the organization’s management account as the principal.

This grants access only to the management account, not to all users within the organization.

Select the Best Solution:

Option A: Using "*" as the principal with the aws:PrincipalOrgID condition ensures all principals within the organization have the required access while denying everyone else, including anonymous requests (the condition key is absent for unauthenticated callers, so the StringEquals test fails). Because the grant is scoped by aws:PrincipalOrgID, S3 does not treat the policy as public, so it coexists with S3 Block Public Access. It also needs no maintenance when accounts join or leave the organization.

Reference: Amazon S3 Bucket Policies

AWS Organizations Policy Examples

Using "*" as the principal with the PrincipalOrgId condition efficiently grants read access to the S3 bucket for all users within the organization.
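The following bucket policy is an added worked example of option A; it is not taken from the question or from the AWS documentation it references. The bucket name example-central-bucket and the organization ID o-exampleorgid are placeholders that must be replaced with the real values. The first statement is the grant the question asks for; the second is an optional explicit deny that enforces "not available outside the organization" even if a later edit adds a broader Allow.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReadFromOrganizationOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-central-bucket",
        "arn:aws:s3:::example-central-bucket/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    },
    {
      "Sid": "DenyAnyPrincipalOutsideOrganization",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-central-bucket",
        "arn:aws:s3:::example-central-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
```

Apply it with aws s3api put-bucket-policy --bucket example-central-bucket --policy file://policy.json. Two checks worth doing before relying on it: first, the Deny statement also blocks the bucket owner's own principals if they are outside the organization or if the organization ID is mistyped, so confirm the ID with aws organizations describe-organization before applying; second, a bucket policy alone does not complete the "set up the permissions" part of the task for cross-account callers. Users in member accounts still need an identity-based policy granting s3:GetObject and s3:ListBucket on this bucket, because cross-account S3 access requires an Allow on both the identity and the resource side.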
