Complete the code to specify the effect that allows access in an IAM policy statement.
{
  "Effect": "[1]",
  "Action": "s3:ListBucket",
  "Resource": "arn:aws:s3:::example_bucket"
}
The Effect field in an IAM policy must be either Allow or Deny. To grant access, use Allow.

Complete the code to specify the action that allows reading objects from an S3 bucket.
{
  "Effect": "Allow",
  "Action": "[1]",
  "Resource": "arn:aws:s3:::example_bucket/*"
}
The s3:GetObject action allows reading objects from an S3 bucket.

Fix the error in the policy statement by completing the missing resource ARN for an S3 bucket.
{
  "Effect": "Allow",
  "Action": "s3:ListBucket",
  "Resource": "[1]"
}
The s3:ListBucket action requires the bucket ARN without the trailing slash or wildcard.

Fill both blanks to complete the conditions that allow access only if the request comes from a specific IP address and uses HTTPS.
{
  "Effect": "Allow",
  "Action": "s3:*",
  "Resource": "arn:aws:s3:::example_bucket/*",
  "Condition": {
    "IpAddress": {
      "aws:SourceIp": "[1]"
    },
    "Bool": {
      "aws:SecureTransport": "[2]"
    }
  }
}
The IpAddress condition restricts access to the specified IP range. The aws:SecureTransport condition set to true requires HTTPS.

Fill all three blanks to complete the policy statement that denies all actions except listing the bucket and getting objects.
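{
  "Effect": "[1]",
  "NotAction": ["[2]", "[3]"],
  "Resource": "arn:aws:s3:::example_bucket/*"
}
The Effect is set to Deny to block all actions except those listed in NotAction. Here, listing the bucket and getting objects are the actions exempted from the Deny. A Deny with NotAction grants nothing by itself, so the exempted actions still need an Allow statement to be permitted.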