Which IAM policy snippet correctly implements least privilege to allow only listing objects in the S3 bucket project-data?

easy📝 Syntax Q3 of 15
AWS - Identity and Access Management
A. { "Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::project-data/*" }
B. { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::project-data" }
C. { "Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::project-data/*" }
D. { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" }
Step-by-Step Solution
Solution:
  1. Step 1: Identify required permission

    Listing objects requires s3:ListBucket on the bucket resource.
  2. Step 2: Check resource scope

    The Resource should be the bucket ARN itself, without the /* suffix, because s3:ListBucket is a bucket-level action.
  3. Step 3: Evaluate options

    Option B, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::project-data" }, grants only s3:ListBucket on the correct resource.
  4. Final Answer:

    Option B, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::project-data" }, correctly follows least privilege.
  5. Quick Check:

    ListBucket on bucket ARN only [OK]
Quick Trick: ListBucket action on bucket ARN only [OK]
Common Mistakes:
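  • Using s3:*, which grants excessive permissions
  • Applying ListBucket to the object ARN (with /*) instead of the bucket ARN
  • Using ListAllMyBuckets, which grants access to the list of all buckets in the account rather than to the objects in project-data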
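
The evaluation in the solution steps can be checked mechanically. The following is an added example, not part of the original quiz: a simplified matcher (single Allow statement, one action and one resource, no Deny or Condition handling) that tests each option against constructed probe requests. The object key report.csv and the bucket other-bucket are assumptions made up for the probes.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::project-data"

# The four answer options from the question, keyed by letter.
OPTIONS = {
    "A": {"Effect": "Allow", "Action": "s3:*", "Resource": BUCKET + "/*"},
    "B": {"Effect": "Allow", "Action": "s3:ListBucket", "Resource": BUCKET},
    "C": {"Effect": "Allow", "Action": "s3:GetObject", "Resource": BUCKET + "/*"},
    "D": {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
}

# Constructed probe requests: (action, resource ARN).
WANTED = ("s3:ListBucket", BUCKET)
PROBES = [
    WANTED,
    ("s3:GetObject", BUCKET + "/report.csv"),
    ("s3:PutObject", BUCKET + "/report.csv"),
    ("s3:DeleteObject", BUCKET + "/report.csv"),
    ("s3:ListAllMyBuckets", "*"),
    ("s3:ListBucket", "arn:aws:s3:::other-bucket"),
]

def allows(stmt, action, resource):
    """True if a single Allow statement matches the request.
    IAM action names are case-insensitive; ARNs are matched case-sensitively."""
    return (stmt["Effect"] == "Allow"
            and fnmatchcase(action.lower(), stmt["Action"].lower())
            and fnmatchcase(resource, stmt["Resource"]))

def assess(stmt):
    """Return (lists_project_data, extra_requests_allowed) for one statement."""
    granted = [p for p in PROBES if allows(stmt, *p)]
    extra = [p for p in granted if p != WANTED]
    return WANTED in granted, extra

def least_privilege_options():
    """Options that allow the wanted request and none of the other probes."""
    return [k for k, s in OPTIONS.items() if assess(s) == (True, [])]

if __name__ == "__main__":
    for key, stmt in OPTIONS.items():
        ok, extra = assess(stmt)
        print(key, "lists project-data:", ok, "| also allows:", [a for a, _ in extra])
```

Note that option A over-grants object actions and still fails to allow listing, because the bucket ARN does not match the /* object pattern.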
