Which action is a security best practice for access to sensitive data that is stored in an Amazon S3 bucket?
Enable S3 Cross-Region Replication (CRR) on the S3 bucket.
Use IAM roles for applications that require access to the S3 bucket.
Configure AWS WAF to prevent unauthorized access to the S3 bucket.
Configure Amazon GuardDuty to prevent unauthorized access to the S3 bucket.
Explanations:
Enabling S3 Cross-Region Replication (CRR) is related to data redundancy and availability, not direct access security.
Using IAM roles for applications ensures that only authorized applications can access sensitive data in the S3 bucket, adhering to the principle of least privilege.
AWS WAF (Web Application Firewall) is designed to protect web applications, not specifically to control access to S3 buckets.
Amazon GuardDuty is a threat detection service that monitors for malicious activity, but it does not directly prevent unauthorized acce