Q197. A company uses Amazon S3 to host a web application. Currently, the company uses a continuous integration tool running on an Amazon EC2 instance that builds and deploys the application by uploading it to an S3 bucket. A Solutions Architect needs to enhance the security of the company's platform with the following requirements:

- A build process should be run in a separate account from the account hosting the web application.
- A build process should have minimal access in the account it operates in.
- Long-lived credentials should not be used.

As a start, the Development team created two AWS accounts: one for the application, named the web account, and another for the build process, named the build account. Which solution should the Solutions Architect use to meet the security requirements?

A. In the build account, create a new IAM role which can be assumed by Amazon EC2 only. Attach the role to the EC2 instance running the continuous integration process. Create an IAM policy to allow s3:PutObject calls on the S3 bucket in the web account. In the web account, create an S3 bucket policy attached to the S3 bucket that allows the build account to use s3:PutObject calls.
B. In the build account, create a new IAM role which can be assumed by Amazon EC2 only. Attach the role to the EC2 instance running the continuous integration process. Create an IAM policy to allow s3:PutObject calls on the S3 bucket in the web account. In the web account, create an S3 bucket policy attached to the S3 bucket that allows the newly created IAM role to use s3:PutObject calls.
C. In the build account, create a new IAM user. Store the access key and secret access key in AWS Secrets Manager. Modify the continuous integration process to perform a lookup of the IAM user credentials from Secrets Manager. Create an IAM policy to allow s3:PutObject calls on the S3 bucket in the web account and attach it to the user. In the web account, create an S3 bucket policy attached to the S3 bucket that allows the newly created IAM user to use s3:PutObject calls.
D. In the build account, modify the continuous integration process to perform a lookup of the IAM user credentials from AWS Secrets Manager. In the web account, create a new IAM user. Store the access key and secret access key in Secrets Manager. Attach the PowerUserAccess IAM policy to the IAM user.
Correct answer: B
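
The three policy documents that the answer describes, as an added example that is not part of the original page, together with a simplified check of how a bucket policy scoped to the role differs from one scoped to the whole build account. The account IDs, role name and bucket name are constructed placeholders, and the principal-matching function is a reduced model for illustration, not the full AWS policy evaluation logic.

```python
import json

# Constructed placeholders (not from the page): account IDs, role and bucket names.
BUILD_ACCOUNT = "111111111111"
WEB_ACCOUNT = "222222222222"
ROLE_ARN = f"arn:aws:iam::{BUILD_ACCOUNT}:role/ci-deploy"
BUCKET_ARN = "arn:aws:s3:::example-web-app-bucket"

# Build account: trust policy so that only the EC2 service can assume the role.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}

# Build account: identity policy attached to the role, PutObject on one bucket only.
IDENTITY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "s3:PutObject", "Resource": f"{BUCKET_ARN}/*"}]}

def bucket_policy(principal_arn):
    """Web account: bucket policy granting s3:PutObject to one AWS principal."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"AWS": principal_arn},
        "Action": "s3:PutObject", "Resource": f"{BUCKET_ARN}/*"}]}

POLICY_A = bucket_policy(f"arn:aws:iam::{BUILD_ACCOUNT}:root")  # option A: whole account
POLICY_B = bucket_policy(ROLE_ARN)                               # option B: the role only

def bucket_policy_admits(policy, caller_arn):
    """Simplified principal match: an account-root principal admits every
    identity in that account; a role ARN admits only that role."""
    caller_account = caller_arn.split(":")[4]
    for stmt in policy["Statement"]:
        principal = stmt["Principal"]["AWS"]
        if principal == caller_arn:
            return True
        if principal == f"arn:aws:iam::{caller_account}:root":
            return True
    return False

def cross_account_put_allowed(policy, caller_arn, caller_has_identity_allow):
    """Cross-account access needs an allow on both sides."""
    return caller_has_identity_allow and bucket_policy_admits(policy, caller_arn)

if __name__ == "__main__":
    print(json.dumps(POLICY_B, indent=2))
```
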