A root account owner has given one of the IAM users full access to his S3 bucket using the bucket ACL.
When the IAM user logs in to the S3 console, which actions can he perform?
A. He can just view the content of the bucket
B. He can do all the operations on the bucket
C. It is not possible to give access to an IAM user using ACL
D. The IAM user can perform all operations on the bucket using only API/SDK
Explanation:
Each AWS S3 bucket and object has an ACL (Access Control List) associated with it. An ACL is a list of grants
identifying the grantee and the permission granted. The user can use ACLs to grant basic read/write
permissions to other AWS accounts. ACLs use an Amazon S3–specific XML schema. The user cannot grant
permissions to other users (IAM users) in his account.
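The grantee rule from the explanation above, as an added Python example that is not part of the original page: it parses an ACL document in the S3 XML schema and classifies each grantee as an AWS account, a predefined group, or something the schema does not allow. The sample ACL, the placeholder canonical ID and the `audit_acl` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET
S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
GROUPS = "http://acs.amazonaws.com/groups/"
# Grantee types the S3 ACL schema defines; none of them names an IAM user.
GRANTEE_KINDS = {
    "CanonicalUser": ("AWS account (canonical ID)", "ID"),
    "AmazonCustomerByEmail": ("AWS account (email)", "EmailAddress"),
    "Group": ("predefined S3 group", "URI"),
}
# Constructed sample ACL; the canonical ID is a placeholder, not a real value.
SAMPLE_ACL = f"""<AccessControlPolicy xmlns="{S3_NS}">
  <Owner><ID>EXAMPLE-OWNER-CANONICAL-ID</ID></Owner>
  <AccessControlList>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
        <ID>EXAMPLE-OWNER-CANONICAL-ID</ID>
      </Grantee>
      <Permission>FULL_CONTROL</Permission>
    </Grant>
    <Grant>
      <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
        <URI>{GROUPS}global/AllUsers</URI>
      </Grantee>
      <Permission>READ</Permission>
    </Grant>
  </AccessControlList>
</AccessControlPolicy>"""

def audit_acl(xml_text):
    """Return (kind, identifier, permission, finding) for every grant."""
    rows = []
    for grant in ET.fromstring(xml_text).iter(f"{{{S3_NS}}}Grant"):
        grantee = grant.find(f"{{{S3_NS}}}Grantee")
        xsi = grantee.get(XSI_TYPE, "")
        kind, tag = GRANTEE_KINDS.get(xsi, ("unknown", "ID"))
        ident = grantee.findtext(f"{{{S3_NS}}}{tag}", default="")
        perm = grant.findtext(f"{{{S3_NS}}}Permission", default="")
        if xsi not in GRANTEE_KINDS or ident.startswith("arn:aws:iam:"):
            finding = "invalid: not an account or predefined group"
        elif ident in (GROUPS + "global/AllUsers", GROUPS + "global/AuthenticatedUsers"):
            finding = "review: granted beyond the owning account"
        else:
            finding = "ok"
        rows.append((kind, ident, perm, finding))
    return rows

if __name__ == "__main__":
    print(*audit_acl(SAMPLE_ACL), sep="\n")
```

The `arn:aws:iam:` check is this script's own lint for an IAM user ARN placed where a canonical account ID belongs; access for an IAM user is granted through an IAM or bucket policy instead.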
C
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
Note
When using ACLs, a grantee can be an AWS account or one of the predefined Amazon S3 groups. However, the grantee cannot be an Identity and Access Management (IAM) user. For more information about AWS users and permissions within IAM, go to Using AWS Identity and Access Management.
Yep. ACL works with group and not users
c
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
C
https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#permissions
Amazon S3 Access Control Lists (ACLs) enable you to manage access to buckets and objects