Bird
0
0

Why does this bucket policy fail to grant access?

medium📝 Debug Q7 of 15
AWS - S3 Fundamentals
Why does this bucket policy fail to grant access?
{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::123456789012:user/Alice"},
  "Action": "s3:ListBucket",
  "Resource": "arn:aws:s3:::mybucket/*"
}
AResource ARN is incorrect for ListBucket action
BPrincipal format is invalid
CAction "s3:ListBucket" does not exist
DEffect should be "Deny" to grant access
Step-by-Step Solution
Solution:

  1. Step 1: Understand ListBucket action resource requirements

    ListBucket requires bucket ARN without /*, only bucket itself.

  2. Step 2: Check Resource ARN in policy

    Resource includes /* which is for objects, so policy fails.

  3. Final Answer:

    Resource ARN is incorrect for ListBucket action -> Option A

  4. Quick Check:

    ListBucket needs bucket ARN without /* = B [OK]
Quick Trick: ListBucket uses bucket ARN without /* in Resource [OK]
Common Mistakes:
  • Using object ARN for ListBucket
  • Misformatting Principal
  • Confusing Allow and Deny effects

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS CLI - Basic CLI commands (s3, ec2) - Quiz 11easy AWS CLI - Why CLI matters for automation - Quiz 4medium Cloud Computing Fundamentals - Why cloud over on-premises - Quiz 7medium Cloud Computing Fundamentals - AWS Management Console walkthrough - Quiz 1easy Identity and Access Management - IAM roles concept - Quiz 13medium Security Groups and Network ACLs - Security group as virtual firewall - Quiz 8hard Security Groups and Network ACLs - Inbound and outbound rules - Quiz 10hard VPC Fundamentals - NAT Gateway for private subnet internet - Quiz 6medium VPC Fundamentals - VPC peering concept - Quiz 11easy VPC Fundamentals - Creating a custom VPC - Quiz 2easy