A sysadmin has created the policy below on an S3 bucket named cloudacademy. What
does this policy define?
"Statement": [{
  "Sid": "Stmt1388811069831",
  "Effect": "Allow",
  "Principal": { "AWS": "*" },
  "Action": [ "s3:GetObjectAcl", "s3:ListBucket" ],
  "Resource": [ "arn:aws:s3:::cloudacademy" ]
}]
A. It will make the cloudacademy bucket as well as all its objects public
B. It will allow everyone to view the ACL of the bucket
C. It will give an error as no object is defined as part of the policy while the action defines the rule about the object
D. It will make the cloudacademy bucket public
Explanation:
A sysadmin can grant permissions on S3 objects or buckets to any user, or make objects
public, using the bucket policy and user policy. Both use the JSON-based access policy language.
Generally, if the user defines an ACL on the bucket, the objects in the bucket do not inherit it,
and vice versa. A bucket policy is defined at the bucket level and can make the objects as
well as the bucket public with a single policy applied to that bucket. In the sample policy the
action is "s3:ListBucket" with effect Allow on the resource arn:aws:s3:::cloudacademy. This will
make the cloudacademy bucket public.
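The following Python check is an added example, not part of the original question or any AWS tool: it audits a bucket policy for Allow statements open to Principal "*" and reports, per action, whether the statement lists a resource of the type that action acts on. The action-to-scope map is an assumed subset, the function names are hypothetical, and Condition blocks are ignored.

```python
import json

# Constructed input: the statement from the question, wrapped in braces to form valid JSON.
POLICY = json.loads("""{"Statement": [{
  "Sid": "Stmt1388811069831",
  "Effect": "Allow",
  "Principal": {"AWS": "*"},
  "Action": ["s3:GetObjectAcl", "s3:ListBucket"],
  "Resource": ["arn:aws:s3:::cloudacademy"]
}]}""")

# Assumed subset of S3 actions and the resource type each one acts on.
ACTION_SCOPE = {
    "s3:ListBucket": "bucket",
    "s3:GetBucketAcl": "bucket",
    "s3:GetObject": "object",
    "s3:GetObjectAcl": "object",
}

def as_list(value):
    """Policy elements may be a single value or a list."""
    return value if isinstance(value, list) else [value]

def is_anonymous(principal):
    """True for "Principal": "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in as_list(principal.get("AWS", []))

def resource_scope(arn):
    """arn:aws:s3:::bucket is a bucket; arn:aws:s3:::bucket/key is an object."""
    return "object" if "/" in arn.split(":::", 1)[-1] else "bucket"

def audit(policy):
    """Return (sid, action, needed_scope, status) for each anonymous Allow action."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or not is_anonymous(st.get("Principal")):
            continue
        scopes = {resource_scope(r) for r in as_list(st.get("Resource", []))}
        for action in as_list(st.get("Action", [])):
            need = ACTION_SCOPE.get(action)  # None: wildcard or unmapped action
            status = "review" if need is None else "public" if need in scopes else "no-matching-resource"
            findings.append((st.get("Sid"), action, need, status))
    return findings

if __name__ == "__main__":
    for finding in audit(POLICY):
        print(finding)
```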
D
D
C is the answer. I’ve just tested it
C