
Amazon CLF-C02: Which service or feature should a developer use to restrict read and write access to an S3 bucket?


Question

A developer wants to use an Amazon S3 bucket to store application logs that contain sensitive data. Which AWS service or feature should the developer use to restrict read and write access to the S3 bucket?

A. Security groups
B. Amazon CloudWatch
C. AWS CloudTrail
D. ACLs

Answer

A. Security groups

Explanation

The correct answer is A. Security groups.

AWS Security groups act as virtual firewalls to control inbound and outbound traffic at the instance level. They can be associated with Amazon S3 buckets to restrict access to the data stored in the bucket.

To use security groups with an S3 bucket, the developer can follow these steps:

  1. Create a security group specifically for the S3 bucket.
  2. Add the necessary inbound rules to the security group to allow incoming requests from trusted sources (e.g., the developer’s IP address or a specific IP address range).
  3. Add the necessary outbound rules to the security group to allow the S3 bucket to communicate with other AWS services or external resources.
  4. Associate the security group with the S3 bucket.

Once the security group is associated with the S3 bucket, only entities that are allowed by the security group’s inbound rules will be able to access the data stored in the bucket. This provides a layer of protection against unauthorized access to sensitive data stored in the S3 bucket.

Option B, Amazon CloudWatch, is not relevant to restricting access to an S3 bucket. CloudWatch is a service for monitoring and logging AWS resources, but it does not provide access control.

Option C, AWS CloudTrail, is also not relevant to restricting access to an S3 bucket. CloudTrail is a service for logging and monitoring API calls made within an AWS account, but it does not provide access control.

Option D, ACLs (Access Control Lists), is not a valid option for restricting access to an S3 bucket. ACLs are used to control access to resources in an AWS account, but they are not applicable to S3 buckets.

Therefore, the correct answer is A. Security groups.


Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, helpful for passing the Amazon AWS Certified Cloud Practitioner CLF-C02 exam and earning the Amazon AWS Certified Cloud Practitioner CLF-C02 certification.