Topic 1 Question 74
A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts. The buildspec.yml file contains the following:
The DevOps engineer has noticed that anybody with an AWS account is able to download the artifacts.
What steps should the DevOps engineer take to stop this?Modify the post_build command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal “*”.
Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
ユーザの投票
コメント(1)
- 正解だと思う選択肢: D
D is correct
👍 3haazybanj2023/04/30
シャッフルモード