AWS Certified AI Practitioner Practice Exam

What is the best solution for ensuring a team's access to their respective customer data in Amazon S3 while using Amazon Bedrock?

• A. Create an Amazon Bedrock custom service role for each team that has access to only the team's customer data
• B. Create a custom service role that has Amazon S3 access
• C. Redact personal data in Amazon S3
• D. Create one Amazon Bedrock role that has full Amazon S3 access

The correct answer is: Create an Amazon Bedrock custom service role for each team that has access to only the team's customer data

The best solution for ensuring a team's access to their respective customer data in Amazon S3 while using Amazon Bedrock is to create an Amazon Bedrock custom service role for each team that has access to only the team's customer data. This approach aligns with the principle of least privilege, which suggests that users should have the minimum levels of access – or privileges – needed to perform their job functions. By assigning a dedicated service role to each team, you can fine-tune access controls, allowing only specific data that corresponds to the team's responsibilities. This enhances security by preventing exposure to other teams' data and maintaining compliance with data protection regulations. Each role would include the necessary policies that explicitly define which S3 buckets and objects can be accessed, fostering a more secure environment tailored to each team's needs. Creating a custom service role instead of a broader role helps to minimize the risk of accidental or malicious data exposure, ensuring that individuals can only work with the data pertinent to their role. The approach is scalable, as adding new teams would simply involve creating new restrictive roles instead of managing extensive permissions for an all-encompassing role.