PrepAway - Latest Free Exam Questions & Answers

What does this policy define?

A sysadmin has created the policy below on an S3 bucket named cloudacademy. The bucket contains both the
AWS.jpg and index.html objects. What does this policy define?
"Statement": [{
  "Sid": "Stmt1388811069831",
  "Effect": "Allow",
  "Principal": { "AWS": "*" },
  "Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject" ],
  "Resource": [ "arn:aws:s3:::cloudacademy/*.jpg" ]
}]


A. It will make all the objects as well as the bucket public

B. It will throw an error for the wrong action and will not allow the policy to be saved

C. It will make the AWS.jpg object public

D. It will make the AWS.jpg object as well as the cloudacademy bucket public

Explanation:
A sysadmin can grant permission on S3 objects or buckets to any user, or make objects public, using a bucket
policy and a user policy. Both use the JSON-based access policy language. Generally, if a user defines an ACL on the
bucket, the objects in the bucket do not inherit it, and vice versa. A bucket policy can be defined at the bucket level,
which allows the objects as well as the bucket to be made public with a single policy applied to that bucket. In the
policy below, the action list includes "s3:ListBucket" with effect Allow, but the resource does not name the bucket
itself (it names only objects matching cloudacademy/*.jpg), so it will throw an error and the policy will not be saved.
"Statement": [{
  "Sid": "Stmt1388811069831",
  "Effect": "Allow",
  "Principal": { "AWS": "*" },
  "Action": [ "s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject" ],
  "Resource": [ "arn:aws:s3:::cloudacademy/*.jpg" ]
}]
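
The mismatch described in the explanation can be checked before a policy is submitted. The following is an added example, not part of the original question and not AWS's own validation code: a simplified linter that reports any action whose statement contains no resource of the type that action works on. The action sets are a small constructed subset, and the function names are assumptions.

```python
import json

# Constructed subset of S3 actions, grouped by the resource type they act on.
BUCKET_ACTIONS = {"s3:listbucket", "s3:getbucketacl", "s3:getbucketpolicy"}
OBJECT_ACTIONS = {"s3:getobject", "s3:getobjectacl", "s3:putobject"}

def resource_kind(arn):
    """'bucket' for arn:aws:s3:::name, 'object' for arn:aws:s3:::name/key, 'any' for '*'."""
    prefix = "arn:aws:s3:::"
    if arn == "*":
        return "any"
    if not arn.startswith(prefix):
        return "unknown"
    return "object" if "/" in arn[len(prefix):] else "bucket"

def as_list(value):
    # Policy fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def mismatched_actions(policy):
    """Return (sid, action, needed_kind) for actions with no matching resource type."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        kinds = {resource_kind(r) for r in as_list(stmt["Resource"])}
        for action in as_list(stmt["Action"]):
            name = action.lower()
            needed = ("bucket" if name in BUCKET_ACTIONS
                      else "object" if name in OBJECT_ACTIONS else None)
            if needed and needed not in kinds and "any" not in kinds:
                findings.append((stmt.get("Sid", ""), action, needed))
    return findings

# The policy from the question, wrapped in braces so it parses as JSON.
QUESTION_POLICY = json.loads("""
{"Statement": [{
  "Sid": "Stmt1388811069831",
  "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": ["s3:GetObjectAcl", "s3:ListBucket", "s3:GetObject"],
  "Resource": ["arn:aws:s3:::cloudacademy/*.jpg"]
}]}
""")

if __name__ == "__main__":
    for sid, action, needed in mismatched_actions(QUESTION_POLICY):
        print(f"{sid}: {action} needs a {needed} ARN in Resource")
```

A finding here means the statement pairs a bucket-level action with object-only resources (or the reverse); the linter does not judge whether the resulting access is appropriate.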
