[Solved] Consider this IAM policy snippet attached to a user:{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource":... | AWS

AWS - Identity and Access Management

Consider this IAM policy snippet attached to a user:

{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket"]
  }]
}

What can this user do?

AUpload files to example-bucket

BList the contents of the example-bucket

CDelete files from example-bucket

DAccess all S3 buckets

Step-by-Step Solution

Solution:

Step 1: Analyze the policy actions
The policy allows only the "s3:ListBucket" action on the specific bucket resource.
Step 2: Determine allowed operations
"s3:ListBucket" lets the user see the list of objects but not upload or delete.
Final Answer:
List the contents of the example-bucket -> Option B
Quick Check:
Action = s3:ListBucket means list only [OK]

Quick Trick: Check the Action field to know allowed operations [OK]

Common Mistakes:

Assuming upload or delete permissions from list permission
Thinking the policy applies to all buckets
Ignoring the specific resource ARN

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More AWS Quizzes

Consider this IAM policy snippet attached to a user:

Step 1: Analyze the policy actions

Step 2: Determine allowed operations

Final Answer:

Quick Check:

Want More Practice?