
Answer-first summary for fast verification
Answer: The allow permission is being overridden by the deny.
The correct answer is D. In AWS IAM policy evaluation logic, an explicit deny in any applicable policy overrides any allow. Although the engineer added a statement granting read-only access to a specific employee, the original statement that denies access to all users still takes precedence, because an explicit deny always overrides an allow. This is why the employee still receives an 'access denied' message despite the update.
Author: LeetQuiz Editorial Team
A security engineer initially sets an Amazon S3 bucket policy to deny access to all users. Subsequently, the engineer modifies the policy to grant read-only access to a specific employee. Despite the update, the employee continues to encounter an 'access denied' error. What is the most probable cause of this persistent access denial?
A. The ACL in the bucket needs to be updated.
B. The IAM policy does not allow the user to access the bucket.
C. It takes a few minutes for a bucket policy to take effect.
D. The allow permission is being overridden by the deny.