Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

By:
On:
In: CLF-C01
Tagged:
With: 0 Comments
A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data.

Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

Security groups

Amazon CloudWatch

AWS CloudTrail

ACLs

Explanations:

Security groups are used to control inbound and outbound traffic to AWS resources, particularly for Amazon EC2 instances. They do not apply to S3 buckets, which manage access through IAM policies and bucket policies.

Amazon CloudWatch is primarily used for monitoring and logging AWS resources and applications. While it can be used to monitor logs, it does not provide mechanisms for restricting access to S3 buckets.

AWS CloudTrail is used for logging and monitoring account activity across AWS services. It provides audit logs but does not control access to S3 buckets. Access control is managed through IAM policies and bucket policies.

ACLs (Access Control Lists) can be used to manage permissions for S3 buckets, allowing the developer to specify which AWS accounts or groups have read and write access. However, for more granular control, IAM policies and bucket policies are often preferred.

Leave a Reply

Your email address will not be published. Required fields are marked *

10 − three =