Exam AWS-SysOps topic 1 question 483 discussion

Exam question from Amazon's AWS-SysOps
Question #: 483
Topic #: 1

An IAM user has two conflicting policies as part of two separate groups. One policy allows him to access an S3 bucket, while another policy denies him the access. Can the user access that bucket?

  • A. Yes, always
  • B. No
  • C. Yes, provided he accesses with the group which has S3 access
  • D. Yes, but just read only access of the bucket
Suggested Answer: B
When a request is made, AWS IAM policy evaluation decides whether the request should be allowed or denied. The evaluation logic follows these rules:

  • By default, all requests are denied. (In general, requests made using the account credentials for resources in the account are always allowed.)
  • An explicit allow policy overrides this default.
  • An explicit deny policy overrides any allows.

In this case, since there is an explicit deny policy, it overrides everything and the request will be denied. Group membership does not change this: the policies of all of the user's groups are evaluated together, so the user cannot pick the group that grants access.
Reference:
http://docs.aws.amazon.com/IAM/latest/UserGuide/AccessPolicyLanguage_EvaluationLogic.html
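
The three rules above, applied to the scenario in the question, as an added example that is not part of the original page and is not AWS code. The group names, the bucket name and the evaluate() helper are hypothetical; the evaluator is simplified to identity-based policies with Effect, Action and Resource only (no conditions, and fnmatch wildcards stand in for IAM's * and ?).

```python
from fnmatch import fnmatchcase

BUCKET = ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]

# Constructed sample policies (hypothetical group and bucket names).
GROUP_POLICIES = {
    "s3-readers": {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": BUCKET,
        }],
    },
    "restricted": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Deny", "Action": "s3:*", "Resource": BUCKET}],
    },
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names are case-insensitive; ARNs are compared case-sensitively.
    act_ok = any(fnmatchcase(action.lower(), a.lower())
                 for a in _as_list(stmt["Action"]))
    res_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return act_ok and res_ok

def evaluate(groups, action, resource, policies=GROUP_POLICIES):
    """Return (decision, deciding_group) for a user who belongs to `groups`."""
    decision = ("ImplicitDeny", None)        # rule 1: denied by default
    for group in groups:                     # every group's policy is considered
        for stmt in _as_list(policies[group]["Statement"]):
            if not _matches(stmt, action, resource):
                continue
            if stmt["Effect"] == "Deny":     # rule 3: explicit deny ends evaluation
                return ("ExplicitDeny", group)
            if decision[1] is None:          # rule 2: explicit allow beats default
                decision = ("Allow", group)
    return decision
```

The result is the same whichever order the groups are listed in, which is why option C does not apply.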

Comments

sen12
6 months, 3 weeks ago
An explicit deny policy overrides any allows. So the answer is No, which will be B
upvoted 3 times