Question 17: You are working in an investment bank, which has various customer detail scanned images stored in S3 bucket, as well as their billing invoice copies are stored in it. As per the regulatory and compliance need it is mandatory that these data is not got lost. Dur........ given option for this problem?

1. You will be enabling S3 bucket versioning.
2. You will create S3 bucket policies such that only selected IP address can access data from S3 bucket.
3. You will create an IAM Role which has read access for S3 data and assign that role to EC2 instance.
4. Correct Answer
5. Correct Answer on the S3 bucket.

Correct Answer : C,E

Detailed Explaination: As we can see in the question it has following objectives.

• Object deletion and creation in the bucket should be protected.
• If object deleted then older version of object must be available.
• Web application hosted on EC2 instance must be able to access the objects from S3 bucket.

Hence, for first 1 we can enable multi factor authentication. So that to delete an object from S3 bucket requires the root account access keys and as well as code from MFA device.

For 2^nd we can enable the versioning on S3 bucket, so that even object is deleted its older version is kept. To delete object of specific version you need MFA if enabled.

To access object from web application, you should create an IAM Role, which has permission on S3 bucket to read the objects. And assign that role to EC2 instance.