You Are Building a Large, Multi-Tenant SaaS (Software-As-A-Service) Application with a Component
Multiple Choice
You are building a large, multi-tenant SaaS (software-as-a-service) application with a component that fetches data to process from a customer-specific Amazon S3 bucket in their account. How should you ensure that your application follows security best practices and limits risk when fetching data from customer-owned Amazon S3 buckets?
A) Have users create an IAM user with a policy that grants read-only access to the Amazon S3 bucket required by your application, and store the corresponding access keys in an encrypted database that holds their account data.
B) Have users create a cross-account lAM role with a policy that grants read-only access to the Amazon S3 bucket required by your application to the AWS account ID running your production Sass application.
C) Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application, and securely store the corresponding access keys in the database holding their account data.
D) Have users create an Amazon S3 bucket policy that grants read-only access to the Amazon S3 bucket required by your application and limits access to the public IP address of the SaaS application.
Correct Answer:
Verified
Correct Answer:
Verified
Q73: A production account has a requirement that
Q74: A company has multiple development teams sharing
Q75: A company must ensure consistent behavior of
Q76: An application is running on Amazon EC2.
Q77: A developer has written an application that
Q79: A DevOps Engineer encountered the following error
Q80: A DevOps Engineer is designing a deployment
Q81: When logging with Amazon CloudTrail, API call
Q82: A legacy web application stores access logs
Q83: An application runs on Amazon EC2 instances