Which of the following is the correct JSON structure to allow read-only access to an S3 bucket in an IAM policy?

easy📝 Syntax Q3 of 15

AWS - Identity and Access Management

A{"Effect": "Allow", "Action": "s3:DeleteBucket", "Resource": "arn:aws:s3:::example-bucket"}

B{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}

C{"Effect": "Allow", "Action": "ec2:StartInstances", "Resource": "*"}

D{"Effect": "Deny", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*"}

Step-by-Step Solution

Solution:

Step 1: Identify read-only S3 actions
Read-only access to S3 objects requires the action "s3:GetObject" on the bucket's objects.
Step 2: Check JSON structure correctness
{"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"} correctly allows "s3:GetObject" on all objects in the bucket using the proper ARN format.
Final Answer:
Correct JSON allowing read-only S3 access -> Option B
Quick Check:
Read-only S3 = s3:GetObject [OK]

Quick Trick: Use s3:GetObject for read-only S3 access [OK]

Common Mistakes:

MISTAKES

Master "Identity and Access Management" in AWS

9 interactive learning modes - each teaches the same concept differently

Want More Practice?

15+ quiz questions · All difficulty levels · Free

More AWS Quizzes