Answer-first summary for fast verification
Answer: IAM policy variables
Instead of creating individual policies for each user, you can use policy variables and create a single policy that applies to multiple users (a group policy). Policy variables act as placeholders. When you make a request to AWS, the placeholder is replaced by a value from the request when the policy is evaluated. As an example, the following policy gives each of the users in the group full programmatic access to a user-specific object (their own "home directory") in Amazon S3.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
An IT company manager aims to configure access controls for team members to their individual user-specific folders within an Amazon S3 bucket named "bucket-a." For instance, user x should have access only to the directory "bucket-a/user/user-x/" and user y should be restricted to "bucket-a/user/user-y/", with similar access constraints applied to other team members.
As a Developer Associate, which IAM construct would you recommend to generalize the policy snippet for all team members, thereby eliminating the necessity for the manager to generate individual IAM policies for each team member?
A
IAM policy principal
B
AM policy condition
C
IAM policy variables
D
IAM policy resource