AWS Certified Solutions Architect – Professional — Question 938
The following policy can be attached to an IAM group. It lets an IAM user in that group access a "home directory" in AWS S3 that matches their user name using the console.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::bucket-name"],
      "Condition": {"StringLike": {"s3:prefix": ["home/${aws:username}/*"]}}
    },
    {
      "Action": ["s3:*"],
      "Effect": "Allow",
      "Resource": ["arn:aws:s3:::bucket-name/home/${aws:username}/*"]
    }
  ]
}
Answer options
- A. True
- B. False
Correct answer: B
Explanation
This statement is False because the AWS S3 console requires additional permissions to navigate to a specific folder path. To use the console, users must have permission to list the root of the bucket and the parent folders (such as 'home/'), which this policy does not allow due to the strict prefix constraint. Consequently, an IAM user attempting to use the S3 console with only this policy will encounter an Access Denied error.
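The prefix check described in the explanation can be modelled offline. The following is an added example, not part of the original question: it evaluates only the StringLike condition on s3:prefix from the first statement, and it assumes the console issues one listing request per folder level with the prefix set to that folder. The user name alice, the helper names and the second prefix list are hypothetical.

```python
import re

# Constructed stand-in for the question's first statement: the s3:prefix
# patterns under which listing the bucket is allowed.
QUESTION_PREFIXES = ["home/${aws:username}/*"]
# Hypothetical variant that also matches the bucket root and the parent folder.
CONSOLE_PREFIXES = ["", "home/", "home/${aws:username}/*"]


def string_like(pattern, value):
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def list_allowed(patterns, username, prefix):
    """True if a listing request with this s3:prefix matches any pattern."""
    resolved = [p.replace("${aws:username}", username) for p in patterns]
    return any(string_like(p, prefix) for p in resolved)


def console_walk(username):
    """Assumed prefixes requested while browsing from the root to the home folder."""
    return ["", "home/", f"home/{username}/"]


def evaluate(patterns, username):
    """Map each prefix on the console path to whether listing is allowed."""
    return {prefix: list_allowed(patterns, username, prefix)
            for prefix in console_walk(username)}


if __name__ == "__main__":
    for name, patterns in [("question policy", QUESTION_PREFIXES),
                           ("with root and home/", CONSOLE_PREFIXES)]:
        print(name)
        for prefix, ok in evaluate(patterns, "alice").items():
            print(f"  prefix={prefix!r:16} {'Allow' if ok else 'AccessDenied'}")
```

With the question's prefix list, the first two steps of the walk have no matching Allow, which is the Access Denied the explanation describes; the widened list still does not match another user's folder such as home/bob/.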