Which solution allows for secure data sharing without causing the institute that owns the bucket to assume all the costs for S3 requests and data transfers?
A. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Have the organizations assume and use that read role when accessing the data.
B. Ensure that all organizations in the partnership have AWS accounts. Create a bucket policy on the bucket that owns the data. The policy should allow the accounts in the partnership read access to the bucket. Enable Requester Pays on the bucket. Have the organizations use their AWS credentials when accessing the data.
C. Ensure that all organizations in the partnership have AWS accounts. Configure buckets in each of the accounts with a bucket policy that allows the institute that owns the data the ability to write to the bucket. Periodically sync the data from the institute’s account to the other organizations. Have the organizations use their AWS credentials when accessing the data using their accounts.
D. Ensure that all organizations in the partnership have AWS accounts. In the account with the S3 bucket, create a cross-account role for each account in the partnership that allows read access to the data. Enable Requester Pays on the bucket. Have the organizations assume and use that read role when accessing the data.
Explanations:
A. While creating a cross-account role for each organization allows read access, it does not address the cost concern. The institute that owns the bucket would still incur costs for S3 requests and data transfers, as Requester Pays is not enabled.
B. This option allows the organizations in the partnership to access the data while enabling Requester Pays on the bucket. This means that the accessing accounts (the partner organizations) will cover the costs of requests and data transfers, alleviating the financial burden on the institute that owns the data.
C. This approach involves syncing data to each partner’s account, which would not only lead to duplication of data but also create additional costs for storage and management. The original institute would still be responsible for the initial data transfers to the other organizations, contradicting the cost-conscious requirement.
D. Similar to option A, this option creates cross-account roles for read access but does not specify the use of Requester Pays for the S3 bucket. Without enabling Requester Pays, the institute that owns the bucket would incur costs for the S3 requests made by partner organizations.
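The bucket-policy-plus-Requester-Pays setup described above can be sketched as follows. This is an added example, not part of the original question: the bucket name and account IDs are constructed placeholders, and `build_partner_read_policy`, `audit_policy`, `apply_to_bucket` and `partner_get` are hypothetical helper names. It builds a read-only policy scoped to the partner accounts, audits any policy for grants that go beyond that, and shows the owner-side and partner-side boto3 calls.

```python
import json

PARTNERS = ["111122223333", "444455556666"]  # constructed account IDs
READ_ACTIONS = {"s3:GetObject", "s3:ListBucket"}

def account_arn(account_id):
    return f"arn:aws:iam::{account_id}:root"

def build_partner_read_policy(bucket, partner_accounts):
    """Read-only bucket policy scoped to the named partner accounts."""
    who = {"AWS": [account_arn(a) for a in partner_accounts]}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "PartnerList", "Effect": "Allow", "Principal": who,
         "Action": "s3:ListBucket", "Resource": f"arn:aws:s3:::{bucket}"},
        {"Sid": "PartnerGet", "Effect": "Allow", "Principal": who,
         "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def as_list(value):
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy, partner_accounts):
    """Flag Allow statements that go beyond partner read access."""
    allowed = {account_arn(a) for a in partner_accounts}
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal", [])
        if isinstance(principal, dict):
            principal = principal.get("AWS", [])
        for p in as_list(principal):  # "*" is never in the allowed set
            if p not in allowed:
                findings.append((st.get("Sid"), f"principal outside partnership: {p}"))
        for action in as_list(st.get("Action", [])):
            if action not in READ_ACTIONS:
                findings.append((st.get("Sid"), f"action beyond read: {action}"))
    return findings

def apply_to_bucket(bucket, policy):
    """Owner side: attach the policy and turn on Requester Pays."""
    import boto3  # imported here so the audit runs without AWS access
    s3 = boto3.client("s3")
    s3.put_bucket_policy(Bucket=bucket, Policy=json.dumps(policy))
    s3.put_bucket_request_payment(
        Bucket=bucket, RequestPaymentConfiguration={"Payer": "Requester"})

def partner_get(bucket, key):
    """Partner side: own credentials, explicitly accepting the charge."""
    import boto3
    return boto3.client("s3").get_object(Bucket=bucket, Key=key, RequestPayer="requester")
```

With Requester Pays enabled, S3 rejects requests that omit the requester-pays parameter, and a request made through an assumed role is billed to the account that owns the role, which is why the partners call with their own credentials here.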