
Explanation:
The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private
The first statement denies access to any objects that start with private in the EXAMPLE-BUCKET bucket. The second statement allows PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket. So the net effect is to allow PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private.
Incorrect options:
The policy provides PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket
The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket as well as provides access to all s3 actions on objects starting with private in the EXAMPLE-BUCKET bucket
The policy denies PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket
These three options contradict the explanation provided above, so these options are incorrect.
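The evaluation order described in the explanation can be checked with a small simulator. This is an added example, not code from the original page or from AWS: it models only the Effect, Action and Resource elements of a single identity policy (no conditions, resource policies or other policy types), and the object keys in it are constructed samples.

```python
import re

# The policy discussed on this page, with its wildcards written out.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": "s3:*",
         "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/private*"},
        {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
         "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"},
    ],
}
PREFIX = "arn:aws:s3:::EXAMPLE-BUCKET/"  # constructed sample keys are appended to this


def matches(patterns, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    if isinstance(patterns, str):
        patterns = [patterns]
    flags = re.DOTALL | (re.IGNORECASE if ignore_case else 0)
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False


def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for a single request."""
    decision = "ImplicitDeny"  # nothing is allowed unless a statement says so
    for stmt in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are compared exactly.
        if not matches(stmt["Action"], action, ignore_case=True):
            continue
        if not matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # a matching Deny overrides any Allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    for action, key in [("s3:GetObject", "reports/q1.csv"),
                        ("s3:PutObject", "private/keys.pem"),
                        ("s3:GetObject", "private-notes.txt"),
                        ("s3:GetObject", "docs/private.txt"),
                        ("s3:DeleteObject", "reports/q1.csv")]:
        print(f"{action:16} {key:20} {evaluate(POLICY, action, PREFIX + key)}")
```

The Deny matches on a key prefix, so `private-notes.txt` is blocked along with everything under `private/`, while `docs/private.txt` is still allowed because its key does not start with `private`.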
In the context of AWS Identity and Access Management (IAM) policies, consider the following policy attached to a user or role:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/private*"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:PutObject", "s3:GetObject"],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/*"
    }
  ]
}
This policy is composed of two statements:
Based on this information, which of the following statements is correct per the given policy?
A
The policy denies PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket
B
The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket as well as provides access to all s3 actions on objects starting with private in the EXAMPLE-BUCKET bucket
C
The policy provides PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket
D
The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private