There is a requirement for a vendor to have access to an S3 bucket in your account.
The vendor already has an AWS account.
How can you provide access to the vendor on this bucket.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
The AWS documentation mentions.
You share resources in one account with users in a different account.
By setting up cross-account access in this way, you don't need to create individual IAM users in each account.
In addition, users don't have to sign out of one account and sign into another in order to access resources that are in different AWS accounts.
After configuring the role, you see how to use the role from the AWS Management Console, the AWS CLI, and the API.
For more information on Cross Account Roles Access, please refer to the below link:
http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.htmlIn this scenario, the requirement is to provide access to a vendor's AWS account to read from an S3 bucket in your AWS account. There are different ways to achieve this goal, but the recommended approach is to use IAM (Identity and Access Management) to create a cross-account role for the vendor's AWS account and grant that role access to the S3 bucket.
Option A and B are not recommended as they involve creating an IAM user or group for the vendor, which can be more difficult to manage and may not scale well for multiple vendors or users.
Option D involves creating an S3 bucket policy to allow access to the vendor's AWS account, which can be a viable solution but may not provide the same level of control and granularity as using IAM.
Therefore, Option C is the best option for providing the vendor access to the S3 bucket.
Here are the steps to create a cross-account role for the vendor account and grant access to the S3 bucket:
By using a cross-account role, you can grant the vendor temporary access to the S3 bucket while maintaining control over the permissions and access policies. Additionally, the vendor can only access the resources that are explicitly granted by the role, reducing the risk of unauthorized access or data breaches.