Which combination of steps will meet these requirements?
(Choose three.)
In the production account, create a new IAM policy that allows read and write access to the S3 bucket.
In the development account, create a new IAM policy that allows read and write access to the S3 bucket.
In the production account, create a role Attach the new policy to the role. Define the development account as a trusted entity.
In the development account, create a role. Attach the new policy to the role Define the production account as a trusted entity.
In the development account, create a group that contains all the IAM users of the design team Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role In the production account.
In the development account, create a group that contains all the IAM users of the design team Attach a different IAM policy to the group to allow the sts:AssumeRole action on the role in the development account.
Explanations:
The policy provides the necessary permissions for read and write access to the S3 bucket in the production account.
Creating a role in the production account with a policy attached allows trusted entities from the development account to assume it, controlling access to the S3 bucket securely.
Allowing the design team group in the development account to use stson the production account role enables the team to assume the role without exposing other resources.
The IAM policy for access to the S3 bucket should be created in the production account, not in the development account.
The role should be created in the production account, as the S3 bucket resides there and requires secure access controls.
The policy should allow stsaction on the role in the production account, not the development account.
I have a feeling that the answer is:
In the production account, create a new IAM policy that allows read and write access to the S3 bucket.