Complete the code to specify the bucket name in the policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::[1]/*"
    }
  ]
}
The bucket name should be specified directly in the resource ARN after 'arn:aws:s3:::' followed by '/*' to indicate all objects.
Complete the code to specify the action that allows reading objects from the bucket.
{
  "Effect": "Allow",
  "Principal": "*",
  "Action": "[1]",
  "Resource": "arn:aws:s3:::my-example-bucket/*"
}
The action 's3:GetObject' allows users to read objects from the bucket.
Fix the error in the policy by choosing the correct principal to allow access to everyone.
{
  "Effect": "Allow",
  "Principal": [1],
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::my-example-bucket/*"
}
The principal '*' means everyone, allowing public access.
Fill both blanks to restrict access to a specific IP address and allow only read actions.
{
  "Effect": "Allow",
  "Principal": "*",
  "Action": "[1]",
  "Resource": "arn:aws:s3:::my-example-bucket/*",
  "Condition": {
    "IpAddress": {
      "aws:SourceIp": "[2]"
    }
  }
}
Use 's3:GetObject' to allow read access and specify the exact IP address with '/32' to restrict access.
Fill all three blanks to create a policy that denies delete actions for everyone except a specific AWS account.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Principal": "*",
      "Action": "[1]",
      "Resource": "arn:aws:s3:::my-example-bucket/*",
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalAccount": "[2]"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::[3]:root"},
      "Action": "s3:*",
      "Resource": "arn:aws:s3:::my-example-bucket/*"
    }
  ]
}
The policy denies delete actions to everyone except the AWS account '123456789012'. The allow statement grants full access to the account '123456789012'.