Explanation:
Statement 1 allows ListBucket on the bucket itself (arn:aws:s3:::finance-reports). Statement 2 allows GetObject and PutObject on objects inside it (arn:aws:s3:::finance-reports/*). Together they grant the ability to list contents, read (get) and write (put) objects in the specified bucket.
Ultimate access to all questions.
Question 1
IAM Policy
Review the following IAM policy. What actions will the attached user be able to perform?
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::finance-reports"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::finance-reports/*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListBucket",
"Resource": "arn:aws:s3:::finance-reports"
},
{
"Effect": "Allow",
"Action": ["s3:GetObject", "s3:PutObject"],
"Resource": "arn:aws:s3:::finance-reports/*"
}
]
}
A
List bucket contents, read and write objects in finance-reports
B
Full S3 access to all buckets
C
Only read objects from finance-reports
D
Create and delete S3 buckets
No comments yet.