AWS Certified SysOps Administrator SOA-C01 – Question570

A company must share monthly report files that are uploaded to Amazon S3 with a third party. The third-party user list is dynamic, is distributed, and changes frequently. The least amount of access must be granted to the third party. Administrative overhead must be low for the internal teams who manage the process.
How can this be accomplished while providing the LEAST amount of access to the third party?

A.
Allow only specified IP addresses to access the S3 buckets which will host files that need to be provided to the third party.
B. Create an IAM role with the appropriate access to the S3 bucket, and grant login permissions to the console for the third party to access the S3 bucket.
C. Create a pre-signed URL that can be distributed by email to the third party, allowing it to download specific S3 filed.
D. Have the third party sign up for an AWS account, and grant it cross-account access to the appropriate S3 bucket in the source account.

Correct Answer: A