Bird
0
0

Given this IAM policy snippet, what is the effective permission granted?

medium📝 service behavior Q13 of 15
AWS - Identity and Access Management
Given this IAM policy snippet, what is the effective permission granted? 
{
  "Effect": "Allow",
  "Action": ["s3:PutObject", "s3:GetObject"],
  "Resource": "arn:aws:s3:::example-bucket/*"
}
ADenies all access to example-bucket
BAllows uploading and downloading objects only in example-bucket
CAllows full access to all S3 buckets
DAllows deleting objects in example-bucket
Step-by-Step Solution
Solution:

  1. Step 1: Analyze actions in the policy

    The policy allows s3:PutObject (upload) and s3:GetObject (download) actions.

  2. Step 2: Check resource scope

    The resource is limited to objects inside example-bucket, so permissions apply only there.

  3. Final Answer:

    Allows uploading and downloading objects only in example-bucket -> Option B

  4. Quick Check:

    Actions + resource = upload/download in example-bucket [OK]
Quick Trick: Check actions and resource ARN carefully [OK]
Common Mistakes:
MISTAKES
  • Assuming delete permission is included
  • Thinking permissions apply to all buckets
  • Confusing allow with deny

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More AWS Quizzes
AWS Account and Billing - Resource tagging for cost tracking - Quiz 1easy AWS Account and Billing - Creating an AWS account - Quiz 9hard AWS CLI - CLI scripting basics - Quiz 10hard Identity and Access Management - IAM roles concept - Quiz 8hard Identity and Access Management - Managed vs inline policies - Quiz 5medium S3 Fundamentals - S3 encryption options - Quiz 14medium S3 Fundamentals - Buckets and objects concept - Quiz 13medium S3 Fundamentals - S3 encryption options - Quiz 11easy Security Groups and Network ACLs - Security groups vs NACLs decision - Quiz 3easy VPC Fundamentals - Internet Gateway for public access - Quiz 10hard