A user had defined an IAM policy similar to the one given below on a bucket:
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “Allow”,
“Principal”: {
“AWS”: “arn:aws:iam::12112112:user/test”
},
“Action”: [
“s3:GetBucketLocation”,
“s3:ListBucket”,
“s3:GetObject”
],
“Resource”: [
“arn:aws:s3:::passleader”
] } ] }
What will this do?
A.
It will result in an error saying invalid policy statement
B.
It will create an IAM policy for the user test
C.
Allows the user test of the AWS account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on the bucket
passleader
D.
It will allow all the IAM users of the account ID 12112112 to perform GetBucketLocation, ListBucket and GetObject on bucket passleader
Explanation:
The IAM policy allows to test a user in the account 12112112 to perform:
s3:GetBucketLocation
s3:ListBucket
s3:GetObject
Amazon S3 permissions on the passleader bucket.
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html