Q74 — AWS DVA-C02 Ch.1

A company has an Amazon S3 bucket containing sensitive data. The data must be encrypted both in transit and at rest. The company uses an AWS Key Management Service (AWS KMS) key to encrypt data in the S3 bucket. Developers need to grant several other AWS accounts permission to retrieve data from the S3 bucket using the s3:GetObject operation. How can developers enforce that all requests retrieving data use secure transport (HTTPS)?

Correct Answer: A. Define a resource-based policy on the S3 bucket that denies access when the condition 'aws:SecureTransport' equals 'false'.

Explanation

https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-policy-for-config-rule/