Dave is the main administrator in Example Corp., and he decides to use paths to help delineate the users in the company and set up a separate administrator group for each path-based division. Following is a subset of the full list of paths he plans to use:
-¢ /ma
rketing
-¢ /sales
-¢ /legal
Dave creates an administrator group for the marketing part of the company and calls it Marketing_Admin.
He assigns it the /marketing path. The groups ARN is arn:aws:iam::123456789012:group/marketing/Marketing_Admin.
Dave assigns the following policy to the Marketing_Admin group that gives the group permission to use all IAM actions with all groups and users in the /marketing path. The policy also gives the Marketing_Admin group permission to perform any AWS S3 actions on the obje
cts in the portion of the corporate bucket.
{
-Version-: -2012-10-17-,
-Statement-: [
{
-Effect-: -Deny-,
-Action-: -iam:*-,
-Resource-: [
-arn:aws:iam::123456789012:group/marketing/*-,
-arn:aws:iam::123456789012:user/marketing/*-
]
},
{
-Effect-:
-Allow-,
-Action-: -s3:*-,
-Resource-: -arn:aws:s3:::example_bucket/marketing/*-
},
{
-Effect-: -Allow-,
-Action-: -s3:ListBucket*-,
-Resource-: -arn:aws:s3:::example_bucket-,
-Condition-:{-StringLike-:{-s3:prefix-: -marketing/*-}}
}
]
}
A. True
B.
False
Explanation:
Effect Deny