Bird
0
0

What will happen if a bucket policy explicitly allows s3:PutObject for a user but the IAM user policy denies it?

medium📝 Predict Output Q5 of 15
AWS - S3 Fundamentals
What will happen if a bucket policy explicitly allows s3:PutObject for a user but the IAM user policy denies it?
AThe user will be allowed to put objects because bucket policy allows it
BThe user will be denied only if the bucket policy also denies it
CThe user will be denied because IAM policy denies it
DThe user will be allowed only if the bucket is public
Step-by-Step Solution
Solution:

  1. Step 1: Understand policy evaluation order

    Explicit Deny in any policy overrides Allow in others.

  2. Step 2: Apply to IAM and bucket policies

    IAM user policy denies s3:PutObject, so user is denied despite bucket policy Allow.

  3. Final Answer:

    The user will be denied because IAM policy denies it -> Option C

  4. Quick Check:

    Explicit Deny anywhere overrides Allow = D [OK]
Quick Trick: Explicit Deny in IAM or bucket policy always blocks access [OK]
Common Mistakes:
  • Assuming bucket policy overrides IAM
  • Ignoring explicit Deny precedence
  • Thinking public bucket affects IAM Deny

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS CLI - Basic CLI commands (s3, ec2) - Quiz 11easy AWS CLI - Why CLI matters for automation - Quiz 4medium Cloud Computing Fundamentals - Why cloud over on-premises - Quiz 7medium Cloud Computing Fundamentals - AWS Management Console walkthrough - Quiz 1easy Identity and Access Management - IAM roles concept - Quiz 13medium Security Groups and Network ACLs - Security group as virtual firewall - Quiz 8hard Security Groups and Network ACLs - Inbound and outbound rules - Quiz 10hard VPC Fundamentals - NAT Gateway for private subnet internet - Quiz 6medium VPC Fundamentals - VPC peering concept - Quiz 11easy VPC Fundamentals - Creating a custom VPC - Quiz 2easy