Video upload date:  · Duration: PT1H46M27S  · Language: EN

An application deployed on an Amazon Elastic aws video


Full Certification Question

An application deployed on an Amazon Elastic Compute Cloud (Amazon EC2) instance needs to read from and write files to an S3 bucket in the same AWS account (Account A1). The application also reads (but doesn’t write) files from an S3 bucket in another AWS Account (Account A2).

The company uses a multi-account strategy and each application has its own AWS account. Three teams access the company's data: the Central Cloud Team, the Application Team, and the Data Lake Team. The Central Cloud Team is responsible for the overall security and governance of the AWS environment across all AWS accounts. The Application Team is responsible for building, deploying, and running their application within the application account (Account A1) that they own and manage. Likewise, the Data Lake Team owns and manages the Data Lake account (Account A2).

The Central Cloud Team has two security requirements that they want to apply:

a) All AWS API calls across all accounts must be encrypted in transit and accounts can’t leave the organization on their own.

b) Least privilege policy/permissions should be configured for the application in Account A1 to access files from the S3 bucket in Account A2.

As an AWS Certified Security Specialist, which of the following options would you combine to implement a solution for the given security and access requirements? (Select two)