Which solution will meet these requirements?
Add a bucket policy to the S3 bucket to deny S3 actions when the aws:SecureTransport condition is equal to false.
Add a bucket policy to the S3 bucket to deny S3 actions when the s3:x-amz-acl condition is equal to public-read.
Add an IAM policy to the IAM users to enforce the usage of the AWS SDK.
Add an IAM policy to the IAM users that allows S3 actions when the s3:x-amz-acl condition is equal to bucket-owner-read.
Explanations:
This option ensures that all requests to the S3 bucket must use HTTPS, thus enforcing encryption in transit. A bucket policy that denies S3 actions when the condition `aws:SecureTransport` is false rejects any non-HTTPS request, meeting the regulatory requirement.
Denying access based on the condition `s3:x-amz-acl` being equal to `public-read` does not enforce encryption in transit. This option addresses permissions related to object ACLs, not the security of the transport layer.
Enforcing the usage of the AWS SDK does not guarantee encryption in transit. While SDKs typically use HTTPS by default, this option does not directly enforce encryption and may not be a sufficient regulatory measure.
Allowing S3 actions based on the condition `s3:x-amz-acl` being equal to `bucket-owner-read` does not enforce encryption in transit. This condition relates to ACL permissions and does not address secure communication requirements.
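The difference between the first two options can be checked mechanically. The following is an added example, not part of the original question: it embeds one constructed policy for each of those options and audits them for a transport-level deny. The bucket name is a placeholder and the function `denies_plain_http` is hypothetical; the check is deliberately strict and only recognises the exact statement shape shown.

```python
# Constructed sample policies; the bucket name is a placeholder.
BUCKET = "amzn-s3-demo-bucket"
ARNS = {f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"}

TLS_POLICY = {  # first option: deny every S3 action sent over plain HTTP
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyInsecureTransport",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": sorted(ARNS),  # the bucket itself and every object in it
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
}

ACL_POLICY = {  # second option: constrains object ACLs, not the transport
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyPublicReadAcl",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
        "Condition": {"StringEquals": {"s3:x-amz-acl": "public-read"}},
    }],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def denies_plain_http(policy, bucket):
    """True if a Deny statement blocks all S3 actions for all principals on
    the bucket and its objects whenever aws:SecureTransport is false."""
    needed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(policy.get("Statement", [])):
        # Condition key names are case-insensitive, so normalise them.
        bools = {k.lower(): v
                 for k, v in stmt.get("Condition", {}).get("Bool", {}).items()}
        flags = [str(v).lower()
                 for v in _as_list(bools.get("aws:securetransport", []))]
        if (stmt.get("Effect") == "Deny"
                and stmt.get("Principal") in ("*", {"AWS": "*"})
                and set(_as_list(stmt.get("Action", []))) & {"s3:*", "*"}
                and needed <= set(_as_list(stmt.get("Resource", [])))
                and flags == ["false"]):
            return True
    return False
```

A statement that lists only the object ARN (`.../*`) fails the check, because bucket-level requests such as listing would still be accepted over HTTP.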