🔥 3-day streak
AWS Certified Data Engineer - Associate148 / 159
Question 148 of 159

A data engineering team stores curated datasets in an S3 bucket encrypted with a customer managed KMS key in Account A. A partner team in Account B is granted access to the bucket via a bucket policy, and their IAM role has s3:GetObject permission on the bucket. However, when the partner role attempts to download objects, it receives an AccessDenied error even though the S3 bucket policy allows the role. What is the MOST likely cause and correct fix?

Reviewed for accuracy · Report an issueNext question