Which IAM policy snippet follows the least privilege principle for allowing S3 read-only access to a specific bucket my-bucket?

Difficulty: easy · Configuration · Question 12 of 15
AWS - Identity and Access Management
A. {"Effect": "Allow", "Action": ["s3:DeleteObject"], "Resource": "arn:aws:s3:::my-bucket/*"}
B. {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
C. {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::my-bucket/*"}
D. {"Effect": "Allow", "Action": ["ec2:StartInstances"], "Resource": "*"}
Step-by-Step Solution
Solution:
  1. Step 1: Identify required permissions for read-only S3 access

    Read-only means allowing only s3:GetObject on the specific bucket's objects.
  2. Step 2: Match policy actions and resources

    {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::my-bucket/*"} allows only s3:GetObject on my-bucket objects, following least privilege.
  3. Final Answer:

    Policy allowing only s3:GetObject on my-bucket objects -> Option C
  4. Quick Check:

    Least privilege = specific action + resource [OK]
Quick Trick: Allow only needed actions on specific resources [OK]
Common Mistakes:
  • Using wildcard * for all actions or resources
  • Allowing delete or write actions unnecessarily
  • Granting permissions for unrelated services