Question 360:
Your company has configured an AWS organization with a master account and several organizational units (OUs) for its various R&D departments. There is an S3 bucket owned by AWS account A that needs to be accessed by one IAM user who belongs to another AWS account B. Account B is outside the organization. The S3 bucket policy already grants access to this account B user. In account B, the user has the IAM permissions to read the bucket. However, AWS account A has a Service Control Policy (SCP) attached that allows bucket access only from account A users. Is the IAM user in account B able to read the files in the bucket successfully?
Answer options:
A. No, because the SCP policy takes priority and disallows the bucket access from the user in account B.
B. No, because S3 cross-account access can only be allowed for AWS IAM users within an AWS Organization.
C. No, the AWS organization should add a new OU for account B and then configure an SCP in the new OU to allow access to the S3 bucket.
D. Yes. Since SCP doesn't apply to those outside users, the user in account B has the permission to access the files in the bucket.