Exam AWS Certified Solutions Architect - Professional topic 1 question 19 discussion

The following policy can be attached to an IAM group. It lets an IAM user in that group access a "home directory" in AWS S3 that matches their user name using the console.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": ["s3:*"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::bucket-name"],
            "Condition": {"StringLike": {"s3:prefix": ["home/${aws:username}/*"]}}
        },
        {
            "Action": ["s3:*"],
            "Effect": "Allow",
            "Resource": ["arn:aws:s3:::bucket-name/home/${aws:username}/*"]
        }
    ]
}

  • A. True
  • B. False
Suggested Answer: B

Comments

Moon
Highly Voted 2 years, 11 months ago
Answer B: explanation: https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
upvoted 17 times
fw
2 years, 11 months ago
The link indeed is very helpful. It shows how to configure policies so that a user can use the console to upload/download objects from S3 to his own directory. Basically, two more blocks are needed (in addition to the two blocks listed in this question): Block 1: Allow required Amazon S3 console permissions. Block 2: Allow listing objects in root and home folders.
upvoted 3 times
...
nitinz
2 years, 10 months ago
That link is super helpful, many configs are missing from it, hence B
upvoted 1 times
cldy
2 years, 10 months ago
"s3:*" covers everything, so the correct answer is A TRUE.
upvoted 4 times
...
...
sarah1
2 years, 11 months ago
I thought this link was super helpful. Here's a quote: "The ListAllMyBuckets action grants David permission to list all the buckets in the AWS account, which is required for navigating to buckets in the Amazon S3 console (and as an aside, you currently can’t selectively filter out certain buckets, so users must have permission to list all buckets for console access). The console also does a GetBucketLocation call when users initially navigate to the Amazon S3 console, which is why David also requires permission for that action. Without these two actions, David will get an access denied error in the console."
upvoted 6 times
FAB1975
1 year, 11 months ago
Thank you Sarah. Really good and concise summary. What is missing: List on resource: all buckets; GetBucketLocation on resource: all buckets.
upvoted 1 times
...
...
...
tan9
Highly Voted 2 years, 11 months ago
The user has no permission to list the ancestor directories, so they won't be able to navigate into their own home directory. A full working policy can be found at: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_s3_home-directory-console.html
upvoted 9 times
Musk
2 years, 11 months ago
But if they type the right URL they get in. I don't see why it would not work. The question is not whether the user can navigate down to the right path. I think it's TRUE
upvoted 6 times
...
...
amministrazione
Most Recent 3 weeks, 2 days ago
B. False
upvoted 1 times
...
Narendragpt
1 month, 3 weeks ago
A is True .
upvoted 1 times
...
SkyZeroZx
1 year, 3 months ago
Selected Answer: B
Answer B: explanation: https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
upvoted 1 times
...
sjpd10
1 year, 10 months ago
The second action provides access to all S3 buckets unlike the first with a 'Condition'
upvoted 1 times
...
roka_ua
2 years, 5 months ago
Selected Answer: B
Vote B
upvoted 1 times
...
tkanmani76
2 years, 8 months ago
Answer A - In the same link being discussed here, the last block is as below, which provides * for all S3 actions and takes him to his home page. { "Sid": "AllowAllS3ActionsInUserFolder", "Action":["s3:*"], "Effect":"Allow", "Resource": ["arn:aws:s3:::my-company/home/${aws:username}/*"] }
upvoted 1 times
RVivek
2 years, 8 months ago
It still gives permission only to "my-company/home/${aws:username}/*". Permission to list all buckets is necessary to navigate to this folder.
upvoted 1 times
tkanmani76
2 years, 7 months ago
Agree, stand corrected - Option B
upvoted 1 times
...
...
...
01037
2 years, 10 months ago
B. "Using the console" is the key. If only program access is needed, then it's enough.
upvoted 2 times
...
cldy
2 years, 10 months ago
A. Shouldn't s3:* cover all S3 actions?
upvoted 1 times
shammous
8 months ago
The issue here is not with the action, but with which resource is applied. In our case, it's applied to the folder's content, not the folder itself.
upvoted 1 times
...
...
srknbngl
2 years, 10 months ago
Correct Answer: B
upvoted 1 times
...
fullaws
2 years, 10 months ago
B is correct (s3:ListAllMyBuckets, s3:GetBucketLocation need to Resource *)
upvoted 4 times
...
noisonnoiton
2 years, 10 months ago
go with B
upvoted 2 times
...
awssp12345
2 years, 11 months ago
Should s3:* cover all the s3 permissions including list?
upvoted 4 times
...
BillyC
2 years, 11 months ago
Yes B is Correct!
upvoted 2 times
...
amog
2 years, 11 months ago
Answer is B "using the console.". They can use this policy to access home directory by URL, but not the console
upvoted 4 times
...
Danao
2 years, 11 months ago
Missing quite a few configs, like console access, root and home folder access, etc
upvoted 1 times
...
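Added example (not part of the original thread or the linked AWS post): a simplified Python model of IAM allow evaluation that replays the requests a console session makes against the question's two statements, and against a version with the two extra blocks the comments describe. The user name `david`, the object key, the request list and the exact contents of the two added statements are assumptions; explicit denies, `s3:delimiter` and other policy types are not modelled.

```python
from fnmatch import fnmatchcase

BUCKET = "arn:aws:s3:::bucket-name"
HOME = "home/${aws:username}/*"
# The two statements from the question (all Effect: Allow).
QUESTION_POLICY = [
    {"Action": ["s3:*"], "Resource": [BUCKET],
     "Condition": {"StringLike": {"s3:prefix": [HOME]}}},
    {"Action": ["s3:*"], "Resource": [BUCKET + "/" + HOME]},
]
# Assumed additions, modelled on the two extra blocks the comments describe.
CONSOLE_POLICY = QUESTION_POLICY + [
    {"Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"], "Resource": ["*"]},
    {"Action": ["s3:ListBucket"], "Resource": [BUCKET],
     "Condition": {"StringLike": {"s3:prefix": ["", "home/", HOME]}}},
]

def _any(patterns, value, user):
    # Substitute the policy variable, then apply IAM-style * wildcards.
    return any(fnmatchcase(value, p.replace("${aws:username}", user)) for p in patterns)

def allowed(policy, user, action, resource, context=None):
    """Simplified Allow-only evaluation: implicit deny unless a statement matches."""
    context = context or {}
    for st in policy:
        if not (_any(st["Action"], action, user) and _any(st["Resource"], resource, user)):
            continue
        conds = st.get("Condition", {}).get("StringLike", {})
        # A condition key absent from the request does not match (no IfExists).
        if all(k in context and _any(v, context[k], user) for k, v in conds.items()):
            return True
    return False

# Constructed requests: roughly what a console session issues for user "david".
CONSOLE_WALK = [
    ("s3:ListAllMyBuckets", "*", None),
    ("s3:GetBucketLocation", BUCKET, None),
    ("s3:ListBucket", BUCKET, {"s3:prefix": ""}),
    ("s3:ListBucket", BUCKET, {"s3:prefix": "home/"}),
    ("s3:ListBucket", BUCKET, {"s3:prefix": "home/david/"}),
    ("s3:GetObject", BUCKET + "/home/david/report.txt", None),
]

def walk(policy, user="david"):
    return [allowed(policy, user, a, r, c) for a, r, c in CONSOLE_WALK]

if __name__ == "__main__":
    for row in zip(CONSOLE_WALK, walk(QUESTION_POLICY), walk(CONSOLE_POLICY)):
        print(row)
```

Under the question's policy the first four requests are denied while listing and reading inside the user's own prefix succeed, which is the distinction the thread draws between console navigation and direct access.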