U.S. Independence Day Deal! Unlock 25% OFF Today – Limited-Time Offer - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Amazon SCS-C03 Exam - Topic 4 Question 13 Discussion

AWS Config cannot deliver configuration snapshots to Amazon S3.Which TWO actions will remediate this issue?
A) Verify the S3 bucket policy allows config.amazonaws.com. and B) Verify the IAM role has s3:GetBucketAcl and s3:PutObject permissions.
C) Verify the S3 bucket can assume the IAM role.
D) Verify IAM policy allows AWS Config to write logs.
E) Modify AWS Config API permissions.

Amazon SCS-C03 Exam - Topic 4 Question 13 Discussion

Actual exam question for Amazon's SCS-C03 exam
Question #: 13
Topic #: 4
[All SCS-C03 Questions]

AWS Config cannot deliver configuration snapshots to Amazon S3.

Which TWO actions will remediate this issue?

Show Suggested Answer Hide Answer
Suggested Answer: A, B

AWS Config requires permissions at two levels to deliver configuration data: the AWS Config service role and the S3 bucket policy. The AWS Certified Security -- Specialty Study Guide states that the S3 bucket policy must explicitly allow the config.amazonaws.com service principal to write objects. Additionally, the IAM role used by AWS Config must allow s3:GetBucketAcl and s3:PutObject.

If either permission is missing, AWS Config cannot deliver snapshots and will log delivery errors in CloudTrail. This dual-permission model ensures least privilege while maintaining secure delivery of compliance data.

Other options reference incorrect principals or irrelevant permissions.

Referenced AWS Specialty Documents:

AWS Certified Security -- Specialty Official Study Guide

AWS Config Prerequisites


Contribute your Thoughts:

0/2000 characters

Currently there are no comments in this discussion, be the first to comment!


Save Cancel