SCS-C02 · Question #261
SCS-C02 Question #261: Real Exam Question with Answer & Explanation
The correct answer is C: Both bucket1 and bucket2. Bucket1's bucket policy explicitly grants "alice" access to all s3: actions for the bucket (arn:aws:s3:::bucket1) and all objects in the bucket (arn:aws:s3:::bucket1/). Alice's IAM policy grants her access to all s3: actions on bucket2 and its contents (arn:aws:s3:::bucket2, arn:
Question
An AWS account includes two S3 buckets: bucket1 and bucket2. The bucket2 does not have a policy defined, but bucketl has the following bucket policy: In addition, the same account has an IAM User named "alice", with the following IAM policy. Which buckets can user "alice" access?
Options
- Abucket1 only
- Bbucket2 only
- CBoth bucket1 and bucket2
- DNeither bucket1 nor bucket2
Explanation
Bucket1's bucket policy explicitly grants "alice" access to all s3:* actions for the bucket (arn:aws:s3:::bucket1) and all objects in the bucket (arn:aws:s3:::bucket1/). Alice's IAM policy grants her access to all s3: actions on bucket2 and its contents (arn:aws:s3:::bucket2, arn:aws:s3:::bucket2/*). Since the bucket policy for bucket1 explicitly grants Alice access to bucket1, and her IAM policy also grants her full access to bucket2, Alice can access both buckets.
Community Discussion
No community discussion yet for this question.