Which combination of steps will meet these requirements?
(Choose two.)
Create an IAM role in the development account that the integration account and production account can assume. Attach IAM policies to the role that allow access to the feature repository and the S3 buckets.
Share the feature repository that is associated the S3 buckets from the development account to the integration account and the production account by using AWS Resource Access Manager (AWS RAM).
Use AWS Security Token Service (AWS STS) from the integration account and the production account to retrieve credentials for the development account.
Set up S3 replication between the development S3 buckets and the integration and production S3 buckets.
Create an AWS PrivateLink endpoint in the development account for SageMaker.
Explanations:
Creating an IAM role in the development account with permissions to access the feature repository and S3 buckets, which the integration and production accounts can assume, enables cross-account access securely by granting necessary permissions.
Using AWS Resource Access Manager (AWS RAM) to share the feature repository allows the development account to securely share the feature repository resources with other AWS accounts, like integration and production, without replicating the resources.
While AWS STS can provide temporary credentials, this option alone does not enable access to the feature repository or S3 buckets in the development account, as it lacks the required cross-account sharing configuration.
S3 replication only copies data between buckets and does not facilitate access to the feature repository or resource sharing. It is also inefficient for sharing feature data across environments if the repository itself is shared directly.
AWS PrivateLink provides private connectivity within VPCs but does not facilitate cross-account resource sharing for the feature repository or S3 buckets, so it does not meet the requirements.