AWS Certified SysOps Administrator – Associate (legacy) — Question 810

Is it possible to create an S3 bucket accessible only by a certain IAM user using policies in a Cloud-Formation template?

Answer options

• A. Yes, all these resources can be created using a CloudFormation template
• B. S3 is not supported by CloudFormation.
• C. No, you can only create the S3 bucket but not the IAM user.
• D. No, in the same template you can only create the S3 bucket and the relative policy.

Correct answer: A

Explanation

AWS CloudFormation fully supports the declaration of S3 buckets, IAM users, and IAM policies within a single template. By defining these resources together, you can easily use intrinsic functions like Ref to associate the IAM user with the specific S3 bucket policy. This allows for complete, automated provisioning of the entire secure access stack in one deployment.