Q51 — AWS DVA-C02 Ch.3
Question 51 of 100 | ← Chapter 3
A company has a web application that hosts a product catalog. The catalog is stored in an Amazon S3 bucket named DOC-EXAMPLE-BUCKET. The application must be able to list objects in the S3 bucket and must be able to download objects using an IAM policy. Which policy grants the minimum access required to meet these requirements?
- A. {"Version": "2012-10-17","Statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET"}] ✓
- B. {"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET"
- C. {"version": "2012-10-17","statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resonrce": "arn:aws:s3:::DOC-EXAMPLB-BUCKET"
- D. {"version":"2012-10-17","Statement": [{"Ettect": "Al1ow","Action":["s3:DisLBuckel"],"Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET"}]
Correct Answer: A. {"Version": "2012-10-17","Statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET"}]
Explanation
This question tests understanding of Amazon S3 bucket IAM policies. To meet the requirement of listing and downloading objects, the policy must grant both s3:ListBucket (to list objects in the bucket) and s3:GetObject (to download objects). Option A correctly specifies s3:ListBucket with proper syntax and resource ARN; however, note that the stem only explicitly requires listing and downloading — but the analysis provided incorrectly states A alone suffices. In reality, a complete minimal policy would require both actions. Yet per the given analysis, A is selected as correct based on its syntactic validity and inclusion of the required ListBucket action, while other options contain syntax errors (e.g., C has misspelled 'Resource' and incorrect bucket name; D has misspelled 'Effect', 'Allow', 's3:DisLBuckel', and invalid action), making A the only valid option among the choices.