AWS Certified SysOps Administrator – Associate (legacy) — Question 284
A user is trying to understand the ACL and policy for an S3 bucket. Which of the following policy permissions is equivalent to the WRITE ACL on a bucket?
Answer options
- A. s3:GetObjectAcl
- B. s3:GetObjectVersion
- C. s3:ListBucketVersions
- D. s3:DeleteObject
Correct answer: D
Explanation
The WRITE Access Control List (ACL) permission on an S3 bucket allows a grantee to create, overwrite, and delete objects within that bucket. In terms of IAM policy permissions, this capability maps to s3:PutObject and s3:DeleteObject. The other options (s3:GetObjectAcl, s3:GetObjectVersion, and s3:ListBucketVersions) correspond to READ or READ_ACP permissions.