Complete the code to specify the version of the IAM policy.
{
  "Version": "[1]",
  "Statement": []
}

The correct version for IAM policies is 2012-10-17. This version supports all current features.

Complete the code to specify the effect of the IAM policy statement.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "[1]",
      "Action": "s3:ListBucket",
      "Resource": "*"
    }
  ]
}

The Effect field must be either Allow or Deny. Here, Allow grants permission.

Fix the error in the action name to correctly specify S3 bucket listing.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "[1]",
      "Resource": "*"
    }
  ]
}

The correct action to list objects in a bucket is s3:ListBucket. Other options are invalid.

Fill both blanks to specify a policy statement that denies deleting objects from a specific bucket.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "[1]",
      "Action": "[2]",
      "Resource": "arn:aws:s3:::example-bucket/*"
    }
  ]
}

To deny deleting objects, the Effect must be Deny and the Action must be s3:DeleteObject.

Fill all three blanks to create a policy statement that allows reading objects from a bucket only if the request comes from a specific IP address.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "[1]",
      "Action": "[2]",
      "Resource": "arn:aws:s3:::my-bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": "[3]"
        }
      }
    }
  ]
}

The policy allows (Allow) the action s3:GetObject only if the request comes from the IP range 203.0.113.0/24.