AWS Certified SysOps Administrator SOA-C01 – Question246

A user has granted read/write permission of his S3 bucket using ACL. Which of the below mentioned options is a valid ID to grant permission to other AWS accounts (grantee. using ACL?

A.
IAM User ID
B. S3 Secure ID
C. Access ID
D. Canonical user ID

Correct Answer: D

Explanation:

Explanation: An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups. The user can grant permission to an AWS account by the email address of that account or by the canonical user ID. If the user provides an email in the grant request, Amazon S3 finds the canonical user ID for that account and adds it to the ACL. The resulting ACL will always contain the canonical user ID for the AWS account,
and not the AWS account’s email address.