In the context of AWS Identity and Access Management (IAM) policies, consider the following policy attached to a user or role:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": "s3:", "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/private" }, { "Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"] "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/", } ] }

This policy is composed of two statements:

A "Deny" statement that applies to all S3 actions on objects within the path "EXAMPLE-BUCKET/private".

An "Allow" statement that permits the s3:PutObject and s3:GetObject actions on all objects within "EXAMPLE-BUCKET/*".

Based on this information, which of the following statements is correct per the given policy?

Exam-Like

The policy denies PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket

0.0%

The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket as well as provides access to all s3 actions on objects starting with private in the EXAMPLE-BUCKET bucket

11.1%

The policy provides PutObject and GetObject access to all buckets except the EXAMPLE-BUCKET/private bucket

11.1%

The policy provides PutObject and GetObject access to all objects in the EXAMPLE-BUCKET bucket except the objects that start with private

77.8%

AWS Certified Developer - Associate

Get started today

Comments