AWS Certified Developer - Associate | Exam DVA-C01 | Telecom Firm's Amazon S3 Bucket Security

Identifying Amazon S3 Buckets with Public Access - DVA-C01 Exam Solution


Question

A telecom firm provides access to data stored in an Amazon S3 bucket to external vendors on a project basis.

Once the project is completed, public access to this Amazon S3 bucket is removed.

During a security check, it was found that some of the buckets still have public access even though the projects are completed.

The Security Head needs you to determine all Amazon S3 buckets with public access.

Which of the following actions can be initiated to complete this task in the shortest time frame?

Answers

Explanations


A. B. C. D.

Correct Answer - A.

Access Analyzer can be enabled to get a list of all Amazon S3 buckets with public access.

It can help to gather the following information.

· Bucket name.

· Discovered by Access Analyzer.

· Shared through.

· Status.

· Access Level.

Option C is incorrect as additional work needs to be done for the creation of the cron tool.

Options B and D are incorrect as this is a manual process and will require additional admin work.

For more information on Amazon S3 Access Analyzer, refer to the following URL:

https://docs.aws.amazon.com/AmazonS3/latest/user-guide/access-analyzer.html

The correct answer is A. Use Access Analyzer & create a report to find all Amazon S3 buckets with Public Access.

Explanation: Access Analyzer is an AWS service that analyzes AWS Identity and Access Management (IAM) resource policies and Amazon S3 Access Control Lists (ACLs) to help identify unintended access to resources. Its findings can be used to refine permissions. Access Analyzer can be used to quickly identify which S3 buckets have public access.

Option B, using the Amazon S3 console, is not a reliable method because it depends on whether the person who set up the bucket included a specific tag, which may not always be the case.

Option C, running a Cron tool from the command-line interface (CLI), is also not the best approach, because it may not be efficient and requires more time and resources.

Option D, verifying all Bucket ACLs from the command-line interface (CLI), is a valid approach, but it is not the most efficient because it requires you to check each bucket's ACLs, and it is time-consuming.

In summary, the most efficient approach is to use the Access Analyzer service, which provides a clear report to identify all S3 buckets with public access.
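To make the "Shared through" and "Access Level" columns concrete, the following added example (not code from this page or from AWS) applies a simplified version of the same check to bucket ACLs and bucket policies. It assumes the inputs have the JSON shape returned by the S3 GetBucketAcl and GetBucketPolicy APIs; the bucket names, owner ID and account ID are constructed, and policy conditions are only flagged for review rather than evaluated as Access Analyzer would.

```python
import json

# Predefined S3 groups whose presence in an ACL grant makes the bucket public.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_findings(bucket, acl, policy_json=None):
    """Return (bucket, shared_through, access_level) rows for public grants."""
    rows = []
    for grant in acl.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUP_URIS:
            rows.append((bucket, "Bucket ACL", grant["Permission"]))
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    for stmt in _as_list(statements):
        if stmt.get("Effect") == "Allow" and _wildcard(stmt.get("Principal")):
            # A Condition may narrow the grant; flag it for manual review.
            via = "Bucket policy (conditional)" if stmt.get("Condition") else "Bucket policy"
            rows.extend((bucket, via, action) for action in _as_list(stmt.get("Action", [])))
    return rows

def report(buckets):
    """buckets maps name -> (acl dict, policy JSON string or None)."""
    return [row for name in sorted(buckets) for row in public_findings(name, *buckets[name])]

# Constructed sample data; bucket names and account ID are placeholders.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}
ALL_USERS = {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}
SAMPLE = {
    "vendor-project-a": ({"Grants": [OWNER, ALL_USERS]}, None),
    "vendor-project-b": ({"Grants": [OWNER]}, json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::vendor-project-b/*"}]})),
    "internal-logs": ({"Grants": [OWNER]}, json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::internal-logs/*"}]})),
}

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row, sep=" | ")
```

Running this check per bucket across an account is the manual work that Option D implies, which is why the Access Analyzer report is the faster route.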