Challenge #1



  • 2 x AWS Accounts (Account A & Account B)
  • S3 buckets created in both accounts with specific bucket policy
  • IAM entity with permissions
  • Time limit: 25 minutes

For this exercise, buddy up to use each other’s accounts and agree who will be account #1 and who will be account #2.


An IAM entity in AWS Account B (source account) requires access to an S3 bucket residing in Account A (destination account), restricted to a specific IP address. In addition, a folder named secret in the S3 bucket should give no access to any external AWS account entity.

Test by successfully downloading an object from the Account A S3 bucket to Account B and by confirming that access is denied for objects in the secret folder. Make sure to complete the challenge for both AWS accounts in the team.
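One possible shape for the Account A bucket policy, as an added example that is not part of the original exercise material. The account IDs, bucket name, user name and CIDR are placeholders, and `evaluate` is a deliberately simplified model of policy evaluation for `s3:GetObject` only, used to check the two expected test outcomes offline.

```python
import ipaddress
import json
from fnmatch import fnmatchcase

# Placeholders (assumptions, not values from the exercise)
ACCOUNT_A = "111111111111"          # destination account, owns the bucket
ACCOUNT_B = "222222222222"          # source account
BUCKET = "example-account-a-bucket"
ALLOWED_CIDR = "203.0.113.10/32"    # documentation address range
PRINCIPAL_B = f"arn:aws:iam::{ACCOUNT_B}:user/example-user"

def build_policy():
    """Bucket policy for Account A: IP-restricted read for B, secret/ closed to outsiders."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowAccountBFromFixedIp", "Effect": "Allow",
         "Principal": {"AWS": PRINCIPAL_B},
         "Action": "s3:GetObject",
         "Resource": f"arn:aws:s3:::{BUCKET}/*",
         "Condition": {"IpAddress": {"aws:SourceIp": ALLOWED_CIDR}}},
        {"Sid": "DenySecretToExternalAccounts", "Effect": "Deny",
         "Principal": "*",
         "Action": "s3:*",
         "Resource": f"arn:aws:s3:::{BUCKET}/secret/*",
         "Condition": {"StringNotEquals": {"aws:PrincipalAccount": ACCOUNT_A}}},
    ]}

def _matches(stmt, req):
    # Principal: "*" matches anyone, otherwise the ARN must be identical.
    principal = stmt["Principal"]
    if principal != "*" and principal["AWS"] != req["arn"]:
        return False
    # Resource: "*" in the policy ARN matches any run of characters.
    if not fnmatchcase(f"arn:aws:s3:::{BUCKET}/{req['key']}", stmt["Resource"]):
        return False
    cond = stmt["Condition"]
    if "IpAddress" in cond:
        net = ipaddress.ip_network(cond["IpAddress"]["aws:SourceIp"])
        return ipaddress.ip_address(req["ip"]) in net
    return req["account"] != cond["StringNotEquals"]["aws:PrincipalAccount"]

def evaluate(policy, req):
    """Simplified model: explicit Deny wins, then Allow, otherwise implicit deny."""
    hits = [s["Effect"] for s in policy["Statement"] if _matches(s, req)]
    if "Deny" in hits:
        return "Deny"
    return "Allow" if "Allow" in hits else "Deny"

if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
```

Because the access is cross-account, the IAM entity in Account B also needs an identity policy in its own account that allows `s3:GetObject` on this bucket; the bucket policy alone is not sufficient.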