I Do not understand the answer to the following question
Hello all,
I’m new to this forum and would like to get help on the following question from test 1 in the AWS associate developer certification set tests:
A company has created a private S3 bucket named tdojo. The Developer IAM role must be granted read access to all objects within this bucket. However, objects stored under the qa folder should be restricted to the QA IAM role only.
Which S3 bucket policy will effectively implement the principle of least privilege access while satisfying the given requirements?
I don’t understand why the answer should be granting the developer team access to all the objects in the bucket while in the question it’s stated that the qa object should only be accessible to QA role. Thanks in advance for your help.
Hello wail-el-edghiri,
Thanks for your feedback.
The scenario specifically states two conditions. First, the Developer IAM role needs to have read access to all objects in the bucket. This is just one part of the equation. The second piece is that the QA role should only have access to the ‘qa’ folder. The correct option must address both of these requirements.
Let me know if this answers your question.
Regards,
Carlo @ Tutorials Dojo
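Added example, not part of the original thread or the practice test: one candidate bucket policy for the scenario, run through a simplified evaluator to show how an Allow on every object and an explicit Deny on the qa prefix combine. The account ID, role ARNs, object keys and the `evaluate` helper are assumptions made for illustration; the evaluator ignores Condition keys and identity-based policies.

```python
from fnmatch import fnmatchcase

# Constructed values: the account ID and role ARNs are placeholders, not from the question.
DEV = "arn:aws:iam::111122223333:role/Developer"
QA = "arn:aws:iam::111122223333:role/QA"

# Candidate bucket policy (an assumption, not the practice test's answer text).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevReadAll", "Effect": "Allow", "Principal": {"AWS": DEV},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::tdojo/*"},
        {"Sid": "DevNoQa", "Effect": "Deny", "Principal": {"AWS": DEV},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::tdojo/qa/*"},
        {"Sid": "QaReadQa", "Effect": "Allow", "Principal": {"AWS": QA},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::tdojo/qa/*"},
    ],
}

def evaluate(policy, principal, action, resource):
    """Simplified IAM evaluation: explicit Deny > Allow > implicit deny.
    Handles only single-string Principal/Action/Resource, no Condition keys."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if (st["Principal"]["AWS"] == principal
                and fnmatchcase(action, st["Action"])
                and fnmatchcase(resource, st["Resource"])):
            if st["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching Deny always wins
            decision = "Allow"
    return decision

def access_matrix(policy=POLICY):
    """Decision for each role against one key outside and one inside qa/."""
    keys = ["reports/build.log", "qa/results.csv"]  # constructed object keys
    return {(role.rsplit("/", 1)[1], key):
            evaluate(policy, role, "s3:GetObject", f"arn:aws:s3:::tdojo/{key}")
            for role in (DEV, QA) for key in keys}

if __name__ == "__main__":
    for (role, key), result in access_matrix().items():
        print(f"{role:<10} {key:<20} {result}")
```

In a real account the identity-based policies attached to each role are evaluated together with the bucket policy, and an explicit Deny in either one still overrides any Allow.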