Topic 1 Question 108
A security engineer needs to create an Amazon S3 bucket policy to grant least privilege read access to IAM user accounts that are named User1, User2, and User3. These IAM user accounts are members of the AuthorizedPeople IAM group. The security engineer drafts the following S3 bucket policy:
When the security engineer tries to add the policy to the S3 bucket, the following error message appears: "Missing required field Principal."
The security engineer is adding a Principal element to the policy. The addition must provide read access to only User1, User2, and User3.
Which solution meets these requirements?
Comments (7)
- Choice I think is correct: A
Agree with AgboolaKun. What a lovely question
You can specify any of the following principals in a policy: AWS account and root user, IAM roles, role sessions, IAM users, federated user sessions, AWS services, all principals.
You cannot identify a user group as a principal in a policy (such as a resource-based policy) because groups relate to permissions, not authentication, and principals are authenticated IAM entities.
👍 12 [Removed] 2024/05/25
- Choice I think is correct: A
👍 4 AgboolaKun 2024/05/24
- Choice I think is correct: A
All others are not the valid choices since the Principal needs to be selected only for User1, User2 and User3 'only' explicitly... plus, groups can't be identified as a Principal anyways..
👍 4 Aamee 2024/06/03
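The point made in the comments above (a bucket policy needs a Principal, and an IAM group cannot be one) can be checked before a policy is applied. The following is an added example, not part of the original question or comments; the account ID, bucket name, `s3:GetObject` action and the helper names `build_read_policy` and `lint_principals` are assumptions made for illustration.

```python
import json

ACCOUNT_ID = "111122223333"   # constructed placeholder account ID
BUCKET = "example-bucket"     # constructed placeholder bucket name

def user_arn(name):
    return f"arn:aws:iam::{ACCOUNT_ID}:user/{name}"

def build_read_policy(users):
    """Bucket policy naming each IAM user as a principal (assumed action: s3:GetObject)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ReadForNamedUsers",
            "Effect": "Allow",
            "Principal": {"AWS": [user_arn(u) for u in users]},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
        }],
    }

def lint_principals(policy, allowed_arns):
    """Return (statement index, finding) pairs for Principal problems."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if "Principal" not in stmt and "NotPrincipal" not in stmt:
            findings.append((i, "missing Principal"))
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append((i, "wildcard principal"))
            continue
        arns = principal.get("AWS", [])
        if isinstance(arns, str):      # a single principal may be a bare string
            arns = [arns]
        for arn in arns:
            if arn == "*":
                findings.append((i, "wildcard principal"))
            elif ":group/" in arn:
                findings.append((i, f"IAM group is not a valid principal: {arn}"))
            elif arn not in allowed_arns:
                findings.append((i, f"principal outside the allowed set: {arn}"))
    return findings

if __name__ == "__main__":
    allowed = {user_arn(u) for u in ("User1", "User2", "User3")}
    policy = build_read_policy(["User1", "User2", "User3"])
    print(json.dumps(policy, indent=2))
    print(lint_principals(policy, allowed))
```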



