Which step will fix this issue?
Add s3:DeleteObject permission to the IAM execution role of the AWS Lambda function in Account A.
Change the bucket policy of the S3 bucket in Account B to allow s3:DeleteObject permission for Account A.
Disable server-side encryption for objects written to the S3 bucket by the Lambda function.
Modify the Lambda function to call the S3:PutObjectAcl API operation to specify bucket owner, full control.
Explanations:
Granting s3:DeleteObject permission to the Lambda function's role only allows the function itself to delete objects; it does not let IAM users in Account B delete them.
Changing the bucket policy to allow s3:DeleteObject for Account A enables Account A to delete objects; it does not enable IAM users in Account B to do so.
Disabling server-side encryption does not impact object deletion permissions; encryption settings affect only data protection, not access control.
Using S3:PutObjectAcl to specify bucket owner full control grants Account B ownership of the objects, allowing its IAM users to delete these objects.