A company has external vendors that must deliver files to the company. These vendors have cross-account permission to upload objects to one of the company’s S3 buckets.
Which step is required by the vendor to allow company users to access the files?

Answer options:

A.Attach an IAM role to the bucket that grants the bucket owner full permissions to the object.
B.Add a grant to the object’s ACL giving full permissions to the bucket owner.
C.Encrypt the object with a KMS key controlled by the company.
D.Add a bucket policy to the bucket that grants the bucket owner full permissions to the object.
E.Upload the file to the company’s S3 bucket.

Answer: B
Options A is incorrect because bucket ACLs are used to give grants to bucket owners and not the IAM role.
Option B is CORRECT because adding a grant to the S3 bucket`s ACL will give full permission to the bucket owner.
Option C is incorrect because encryption is not part of the requirement.
Option D is incorrect because bucket ACLs are used to give grants to bucket owners and not the bucket policy.
Option E is incorrect as it does not grant permission to the bucket owner.
This scenario is given in the AWS Documentation:
 A bucket owner can enable other AWS accounts to upload objects. These objects are owned by the accounts that created them. The bucket owner does not own objects that the bucket owner did not create. Therefore, for the bucket owner to grant access to these objects, the object owner must first grant permission to the bucket owner to use an object ACL. The bucket owner can then delegate those permissions via a bucket policy. In this example, the bucket owner delegates permission to users in its own account.
For more information on this scenario, please see the below Link:
https://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example3.html