Which is the MOST secure way to allow the partner account to access the S3 bucket in your account?

Posted by: Pdfprep Category: SCS-C01

You currently have an S3 bucket hosted in an AWS account. It holds information that needs to be accessed by a partner account.

Which is the MOST secure way to allow the partner account to access the S3 bucket in your account? Select 3 options.
A. Ensure an IAM role is created which can be assumed by the partner account.
B. Ensure an IAM user is created which can be assumed by the partner account.
C. Ensure the partner uses an external id when making the request
D. Provide the ARN for the role to the partner account
E. Provide the Account Id to the partner account
F. Provide access keys for your account to the partner account

Answer: A,C,D

Explanation:

Option B is invalid because roles are assumed, not IAM users.

Option E is invalid because you should not give the account ID to the partner.

Option F is invalid because you should not give the access keys to the partner.

The diagram below from the AWS documentation shows an example of this, in which an IAM role and an external ID are used to access an AWS account's resources.

For more information on creating roles for external IDs, please visit the following URL:

The correct answers are: Ensure an IAM role is created which can be assumed by the partner account; Ensure the partner uses an external id when making the request; Provide the ARN for the role to the partner account.
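The following is an added example, not part of the original question or the AWS documentation: it builds the two policy documents that options A and C imply (a role trust policy requiring an external ID, and a permissions policy scoped to the bucket) and checks them with a deliberately simplified model of the trust check. The account ID, external ID and bucket name are placeholders, and read-only access is an assumption.

```python
import json

PARTNER_ACCOUNT_ID = "111122223333"   # placeholder partner account ID
EXTERNAL_ID = "EXAMPLE-EXTERNAL-ID"   # placeholder value agreed with the partner
BUCKET = "example-shared-bucket"      # placeholder bucket name


def build_trust_policy(partner_account_id, external_id):
    """Trust policy for the role (option A); it requires the external ID (option C)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{partner_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def build_permissions_policy(bucket):
    """Permissions policy for the role: read-only access to the one bucket (assumed scope)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }


def trust_allows(policy, caller_account_id, external_id=None):
    """Simplified model of the trust check (not AWS's evaluator): handles only
    Allow statements with an account-root principal and a StringEquals condition."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or stmt["Action"] != "sts:AssumeRole":
            continue
        if stmt["Principal"]["AWS"] != f"arn:aws:iam::{caller_account_id}:root":
            continue
        required = stmt.get("Condition", {}).get("StringEquals", {})
        if all(external_id == v for k, v in required.items() if k == "sts:ExternalId"):
            return True
    return False


if __name__ == "__main__":
    print(json.dumps(build_trust_policy(PARTNER_ACCOUNT_ID, EXTERNAL_ID), indent=2))
```

The partner then needs only the role ARN (option D) and the agreed external ID to request temporary credentials; no long-term access keys from your account are shared.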
