AWS Certified Solutions Architect – Professional — Question 536

Identify a true statement about the statement ID (Sid) in IAM.

Answer options

• A. You cannot expose the Sid in the IAM API.
• B. You cannot use a Sid value as a sub-ID for a policy document's ID for services provided by SQS and SNS.
• C. You can expose the Sid in the IAM API.
• D. You cannot assign a Sid value to each statement in a statement array.

Correct answer: A

Explanation

In AWS IAM, the statement ID (Sid) is an optional identifier for policy statements that cannot be exposed or queried directly through the IAM API. Conversely, services like SQS and SNS do allow Sids to be used as sub-IDs for policy document IDs, and you can indeed assign a unique Sid to each statement within a statement array. Therefore, the restriction on exposing the Sid via the IAM API is the only true statement.