AWS Certified Developer - Associate
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
Your AWS account now has a growing number of 200 users. You aim to provide each of these users with a personal space within the S3 bucket named 'my_company_space'. Specifically, you want to assign each user a directory within the bucket with the prefix /home/
What is the most efficient way to accomplish this goal?
Explanation:
Create one customer-managed policy with policy variables and attach it to a group of all users
You can assign access to "dynamically calculated resources" by using policy variables, a feature that lets you specify placeholders in a policy. When the policy is evaluated, the policy variables are replaced with values that come from the context of the request itself.
This is ideal when you want want to generalize the policy so it works for many users without having to make a unique copy of the policy for each user. For example, consider writing a policy to allow each user to have access to his or her own objects in an Amazon S3 bucket, as in the previous example. But don't create a separate policy for each user that explicitly specifies the user's name as part of the resource. Instead, create a single group policy that works for any user in that group.