Topic 1 Question 152
A company has multiple Amazon VPC endpoints in the same VPC. A developer needs to configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.
Which solution will meet these requirements?
A. Create multiple S3 bucket policies by using each VPC endpoint ID that have the aws:SourceVpce value in the StringNotEquals condition.
B. Create a single S3 bucket policy that has the aws:SourceVpc value and in the StringNotEquals condition to use VPC ID.
C. Create a single S3 bucket policy that has the aws:SourceVpce value and in the StringNotEquals condition to use vpce*.
D. Create a single S3 bucket policy that has multiple aws:sourceVpce values in the StringNotEquals condition. Repeat for all the VPC endpoint IDs.
Comments (6)
- Selected answer: D
C works as well, but it is a broad solution. I think it's better practice to use D and specify the exact endpoints that the user can access from. "aws:sourceVpce": ["vpce-id1", "vpce-id2", "..."]
👍 4 dilleman 2023/10/10
I don't think any of the options is correct. Seriously, StringNotEquals, not StringEquals?
👍 3 CrescentShared 2023/11/13
- Selected answer: D
In option C: "Condition": { "StringNotEqualsIfExists": { "aws:sourceVpce": "vpce*" } } it might deny access from all VPC endpoints.
So the answer is D.
👍 2 PrakashM14 2023/10/13
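Added example, not part of the original question or comments: a Python sketch that builds the Deny statement option D describes and models how its `StringNotEquals` condition behaves, next to the `vpce*` form from option C. The bucket name, endpoint IDs and the `build_policy` / `deny_applies` helpers are constructed for illustration; the evaluator is a simplified model of IAM's documented exact-match semantics, not AWS's own code.

```python
import json

# Constructed placeholder values (not from the page).
BUCKET = "example-bucket"
ENDPOINTS = ["vpce-0aaa1111", "vpce-0bbb2222"]

def build_policy(bucket, vpce_values):
    """Deny every S3 action unless the request came through a listed endpoint."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromListedVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_values}},
        }],
    }

def deny_applies(policy, source_vpce):
    """Simplified model of the Deny condition (not AWS's evaluator).

    StringNotEquals is an exact, case-sensitive comparison with no wildcard
    expansion. With several values it is true only when the request value
    equals none of them, and it is also true when the key is absent
    (source_vpce=None, a request that did not use a VPC endpoint).
    """
    cond = policy["Statement"][0]["Condition"]["StringNotEquals"]
    values = cond["aws:SourceVpce"]
    if isinstance(values, str):
        values = [values]
    if source_vpce is None:
        return True
    return all(source_vpce != v for v in values)

if __name__ == "__main__":
    policy_d = build_policy(BUCKET, ENDPOINTS)   # option D style: explicit list
    policy_c = build_policy(BUCKET, "vpce*")     # option C style: literal "vpce*"
    print(json.dumps(policy_d, indent=2))
    for src in ENDPOINTS + ["vpce-0ccc3333", None]:
        print(src, "D denies:", deny_applies(policy_d, src),
              "C denies:", deny_applies(policy_c, src))
```

A Deny statement only restricts access, so principals still need an Allow from an identity or bucket policy. A Deny on `s3:*` with this condition also blocks console and other non-endpoint administration of the bucket.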