You are working for a company which runs a financial investments blog. Your researchers work with a number of different partners to gather insights into the financial markets. You have engaged a company called TopInsights to provide a series of market research reports which they are committed to completing over the next 6 months. You have asked them to provide the completed reports in pdf format and save them to an S3 bucket that you own. TopInsights already use S3 to store all of their internal documentation. What will you need to do to enable TopInsights to deliver their reports to your S3 bucket?
a. Create an IAM user with write permission to the S3 bucket. Provide the username and password of this user to the analyst at TopInsights
b. Create an IAM role with write permission to the S3 bucket. Configure a trust relationship between your AWS account and the AWS account belonging to TopInsights.
c. Configure S3 replication to replicate the data from the S3 bucket from the external account to your own S3 bucketSELECTED
d. Create an IAM user with write permission to the S3 bucket. Provide the access key ID and secret access key of this user to the analyst at TopInsights
I am not sure why should I skip option c as cross-region replication allows the replication of object to a bucket in another account. I don’t see any security concerns or operations overhead.
1 Answers
CRR will replicate objects from the source bucket to the destination bucket. The external account uses its S3 bucket to store all of their internal documentations, but you only need some reports to be uploaded to your bucket so CRR is not a good option in this scenario.
You pointed me to the right term "Internal documentations" which I missed, thus CRR is not useful. If it was a TopInsights S3 bucket only meant to store the files for the partner company, it would have sufficed.