A company uses Amazon EMR with Spark to process data daily. The job reads from S3 and writes to S3. Recently, the job started failing with 'S3AccessDenied' errors. The IAM role used by EMR has not changed. What is the MOST likely cause?
Bucket policies can deny access even if IAM allows.
Why this answer
S3 bucket policies can be changed independently and may block access. IAM policies are not the only factor; bucket policies also apply. The role itself hasn't changed, but the bucket policy might have been updated to deny access.
Other options are less likely because the role hasn't changed and the errors are access-related.