AWS Certified Solutions Architect – Professional — Question 111

An IAM user is trying to perform an action on an object belonging to some other root account's bucket.
Which of the below mentioned options will AWS S3 not verify?

Answer options

• A. The object owner has provided access to the IAM user
• B. Permission provided by the parent of the IAM user on the bucket
• C. Permission provided by the bucket owner to the IAM user
• D. Permission provided by the parent of the IAM user

Correct answer: B

Explanation

The correct answer is B because AWS S3 does not consider permissions assigned to the IAM user's parent, as it only checks the permissions granted by the bucket owner and the object owner. Options A, C, and D involve permissions that are relevant to the access rights of the IAM user in relation to the object and bucket, which AWS S3 does verify.