[Solved] What is the issue with this bucket policy snippet?{ "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mybucket" } | AWS

AWS - S3 Fundamentals

What is the issue with this bucket policy snippet?

{
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::mybucket"
}

AThe Resource ARN should include a wildcard (/*) to specify objects inside the bucket

BThe Principal cannot be "*" for s3:GetObject action

CThe Effect should be "Deny" to allow access

DThe Action "s3:GetObject" is invalid in bucket policies

Step-by-Step Solution

Solution:

Step 1: Understand resource ARN for object actions
Actions like s3:GetObject require specifying objects, so the ARN must end with /*.
Step 2: Check the given ARN
The ARN "arn:aws:s3:::mybucket" refers only to the bucket itself, not objects inside.
Step 3: Identify the error
Missing /* means the policy does not apply to objects, so access won't be granted.
Final Answer:
The Resource ARN should include a wildcard (/*) to specify objects inside the bucket is correct.
Quick Check:
Object actions require resource ARN with /* suffix [OK]

Quick Trick: Object actions require resource ARN with /* suffix [OK]

Common Mistakes:

Master "S3 Fundamentals" in AWS

9 interactive learning modes - each teaches the same concept differently

More AWS Quizzes

What is the issue with this bucket policy snippet?