🔥 3-day streak
AWS Certified Developer - Associate71 / 150
Question 71 of 150

A developer builds a Lambda function in Account A that must read objects from an S3 bucket owned by Account B. The Lambda execution role already has an identity-based policy allowing s3:GetObject on the target bucket ARN. However, calls still fail with AccessDenied. The bucket is not using default encryption or ACL restrictions. What must the developer do to grant access following AWS cross-account best practices?

Reviewed for accuracy · Report an issueNext question