A company is using an AWS CodeBuild project to build and package an application. The packages are copied to a shared Amazon S3 bucket before being deployed across multiple AWS accounts. The buildspec.yml file contains the following: 
The DevOps Engineer has noticed that anybody with an AWS account is able to download the artifacts. What steps should the DevOps Engineer take to stop this?
A) Modify the post_build to command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only. Modify the post_build to command to use --acl public-read and configure a bucket policy that grants read access to the relevant AWS accounts only.
B) Configure a default ACL for the S3 bucket that defines the set of authenticated users as the relevant AWS accounts only and grants read-only access.
C) Create an S3 bucket policy that grants read access to the relevant AWS accounts and denies read access to the principal "*"
D) Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only. Modify the post_build command to remove --acl authenticated-read and configure a bucket policy that allows read access to the relevant AWS accounts only.
Correct Answer:
Verified
Q177: An application runs on Amazon EC2 instances
Q178: A rapidly growing company wants to scale
Q179: A DevOps Engineer needs to design and
Q180: A DevOps Engineer must automate a weekly
Q181: A DevOps Engineer just joined a new
Q183: A company is reviewing its IAM policies.
Q184: A DevOps Engineer is asked to implement
Q185: A Development team is adding a new
Q186: A Security team is concerned that a
Q187: A DevOps Engineer is launching a new
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents