-
Hi friends, I have a query on the below policy. What I understand is:
1) there are 2 statements in the policy
2) the first statement is allowing Get (read) and List access to the entire bucket in the account
3) the second statement is allowing PutObject (write) access only to the tutorialsdojo bucket

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::tutorialsdojo/*"
    }
  ]
}

My query is: how come the 2nd statement is allowing read access to the tutorialsdojo bucket, as that option is correct in the practice test? I lack something in understanding this question: whether both statements are evaluated separately, or how, or whether all read and list operations are allowed by default and write is restricted only to the tutorialsdojo bucket.
-
Hello vijayasenthil-dhandapani,
For your question,
– An IAM user with this IAM policy is allowed to read objects from the ‘tutorialsdojo’ S3 bucket.
Based on the provided IAM policy, the user is only allowed to get (s3:Get*), write (s3:PutObject), and list (s3:List*) all of the objects for the ‘tutorialsdojo’ S3 bucket. Since the get and list policies are *, the policy is applicable to all resources.
The s3:PutObject basically means that you can submit a PUT object request to the S3 bucket to store data.
I hope this helps.
Regards,
Gerome Pagatpatan @ Tutorials Dojo
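To show how the two statements in the thread's policy combine, here is an added example (not part of the original posts and not AWS code): a simplified evaluator in which each statement is matched independently against a request and any matching Allow grants access unless a Deny also matches. It assumes an identity-based policy only, ignores Condition, NotAction, bucket policies and SCPs, and uses constructed object keys and a constructed bucket name `other-bucket`.

```python
import json
from fnmatch import fnmatchcase

# The policy from the question, with straight quotes so it parses as JSON.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "s3:PutObject",
     "Resource": "arn:aws:s3:::tutorialsdojo/*"}
  ]
}
""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def matches(stmt, action, resource):
    # Action names are case-insensitive; resource ARNs are case-sensitive.
    # fnmatch stands in for IAM's "*" and "?" wildcards (simplification).
    action_hit = any(fnmatchcase(action.lower(), p.lower())
                     for p in as_list(stmt["Action"]))
    resource_hit = any(fnmatchcase(resource, p)
                       for p in as_list(stmt["Resource"]))
    return action_hit and resource_hit

def evaluate(policy, action, resource):
    """Return (decision, indexes of the statements that matched)."""
    stmts = as_list(policy["Statement"])
    hits = [i for i, s in enumerate(stmts) if matches(s, action, resource)]
    if any(stmts[i]["Effect"] == "Deny" for i in hits):
        return "Deny (explicit)", hits   # an explicit Deny always wins
    if any(stmts[i]["Effect"] == "Allow" for i in hits):
        return "Allow", hits             # one matching Allow is enough
    return "Deny (implicit)", hits       # nothing matched: default deny

if __name__ == "__main__":
    # Constructed sample requests.
    for action, resource in [
        ("s3:GetObject", "arn:aws:s3:::tutorialsdojo/report.csv"),
        ("s3:ListBucket", "arn:aws:s3:::tutorialsdojo"),
        ("s3:PutObject", "arn:aws:s3:::tutorialsdojo/report.csv"),
        ("s3:PutObject", "arn:aws:s3:::other-bucket/report.csv"),
        ("s3:DeleteObject", "arn:aws:s3:::tutorialsdojo/report.csv"),
    ]:
        print(action, resource, evaluate(POLICY, action, resource))
```

The statement indexes in the result show which statement produced each decision: the read and list requests match statement 0 (whose Resource is "*"), the write to tutorialsdojo matches statement 1, and the last two requests match nothing.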