{"id":333,"date":"2022-02-05T18:28:27","date_gmt":"2022-02-05T18:28:27","guid":{"rendered":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/aws-devops-engineer-professional-dop-c01-question321\/"},"modified":"2022-02-05T18:28:27","modified_gmt":"2022-02-05T18:28:27","slug":"aws-devops-engineer-professional-dop-c01-question321","status":"publish","type":"post","link":"https:\/\/exampracticetests.com\/aws\/DevOps_Engineer_Professional_DOP-C01\/aws-devops-engineer-professional-dop-c01-question321\/","title":{"rendered":"AWS DevOps Engineer Professional DOP-C01 – Question321"},"content":{"rendered":"
You are building a large, multi-tenant SaaS (software-as-a-service) application with a component that fetches data to process from a customer-specific Amazon S3 bucket in their account.
\nHow should you ensure that your application follows security best practices and limits risk when fetching data from customer-owned Amazon S3 buckets?

A.<\/strong> Have users create an IAM user with a policy that grants read-only access to the Amazon S3 bucket required by your application, and store the corresponding access keys in an encrypted database that holds their account data.
B.<\/strong> Have users create a cross-account lAM role with a policy that grants read-only access to the Amazon S3 bucket required by your application to the AWS account ID running your production Sass application.
C.<\/strong> Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application, and securely store the corresponding access keys in the database holding their account data.
D.<\/strong> Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application and limits access to the public IP address of the SaaS application.<\/div>\n

<\/p>\n