Practice free →
HomeAWS Solutions Architect Associatecloudcomputingsecurearchitectures › An organisation needs to give a partner read-onl…

An organisation needs to give a partner read-only access to one specific S3 bucket across AWS accounts WITHOUT creating an IAM user in their own account. Which approach is correct?

AMake the bucket public so the partner can browse it
BEmail a copy of the bucket-owner's access key to the partner
CCreate an IAM role in the bucket-owner account that the partner can assume via STS, with a trust policy referencing the partner's account
DDisable IAM entirely and trust the partner
Answer & Solution
Correct answer: C. Create an IAM role in the bucket-owner account that the partner can assume via STS, with a trust policy referencing the partner's account
Cross-account assume-role via STS is the canonical pattern: define a role with the needed permissions, set a trust policy allowing the partner's principal to assume it. The other options range from credential leak to making the data public.
Solve this in the app — AWS Solutions Architect Associate practice & 24k+ MCQs →
Related questions