A. Update the S3 bucket policy to ensure that clients that use pre-signed URLs have the S3:Get* permission and the S3:List* permission to access S3 objects in the bucket.

B. Add a StringEquals condition to the IAM role policy for the EC2 instance profil

C. Configure the policy condition to restrict access based on the s3:ResourceTag/ClientId tag of each invoic

D. Tag each generated invoice with the ID of its corresponding client.

E. Update the script to use AWS Security Token Service (AWS STS) to obtain new credentials each time the script runs by assuming a new role that has S3:GetObject permission

F. Use the credentials to generate the pre-signed URLs.

G. Generate an access key and a secret key for an IAM user that has S3:GetObject permissions on the S3 bucke

H. Embed the keys into the scrip

I. Use the keys to generate the pre-signed URLs.

A. Create an Application Load Balancer with the existing EC2 instances as a target grou

B. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the AL

C. Test to ensure the vulnerability has been mitigated, then redirect the Route 53 records to point to the AL

D. Update security groups on the EC2 instances to prevent direct access from the internet.

E. Create an Amazon CloudFront distribution specifying one EC2 instance as an origi

F. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the distributio

G. Test to ensure the vulnerability has been mitigated, then redirect the Route 53 records to point to CloudFront.

H. Obtain the latest source code for the platform and make the necessary update

I. Test the updated code to ensure that the vulnerability has been mitigated, then deploy the patched version of the platform to the EC2 instances.

J. Update the security group that is attached to the EC2 instances, removing access from the internet to the TCP port used by the SQL databas

K. Create an AWS WAF web ACL containing rules that protect the application from this attack, then apply it to the EC2 instances.

A. Install EC2 Instance Connect on the EC2 instance

B. Update the IAM policy for the IAM role to grant the required permission

C. Use the AWS CLI to open a tunnel to connect to the instances.

D. Install EC2 Instance Connect on the EC2 instance

E. Configure the instances to permit access to the ec2-instance-connect command use

F. Use the AWS Management Console to connect to the EC2 instances.

G. Create an EC2 Instance Connect endpoint in the VP

H. Configure an appropriate security group to allow access between the EC2 instances and the endpoin

I. Use the AWS CLI to open a tunnel to connect to the instances.

J. Create an EC2 Instance Connect endpoint in the VP

K. Configure an appropriate security group to allow access between the EC2 instances and the endpoin

L. Use the AWS Management Console to connect to the EC2 instances.

A. Configure the key policy to allow only Amazon S3 to perform the kms:Encrypt action.

B. Configure the key policy to allow KMS actions only when the value for the kms:ViaService condition key matches the Amazon S3 service name.

C. Configure the application??s IAM role policy to allow Amazon S3 to perform the iam:PassRole action.

D. Configure the application??s IAM role policy to allow only S3 operations when the operations are combined with the KMS customer managed key.

A. Delegate Amazon Macie and Security Hub administration.

B. Use Amazon Inspector with Security Hub.

C. Use Inspector with Trusted Advisor.

D. Use Macie with Trusted Advisor.