Q51 — AWS DVA-C02 第3章
第 51/100 题 | ← 返回第3章
伊家交司有伊个包含产品目录的在事Web应用程序。该目录存储在伊个名为DOCEXAMPLE-BUCKET的Amazon S3存储桶中。该应用程序必场能够列出S3存储桶中的对象,小且必场能够通笔IAM策略药载对象。据种策略允许最并访问以满梦这些要求?
- A. {"Version": "2012-10-17","Statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET ✓
- B. {"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET
- C. {"version": "2012-10-17","statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resonrce": "arn:aws:s3:::DOC-EXAMPLB-BUCKET
- D. {"version":"2012-10-17","Statement": [{"Ettect": "Al1ow","Action":["s3:DisLBuckel"],"Resource":"arn:aws:s3:::DOC-EXAMPLE-BUCKET
正确答案: A. {"Version": "2012-10-17","Statement":[{"Effect": "Allow","Action": "s3:ListBucket","Resource": "arn:aws:s3:::DOC-EXAMPLE-BUCKET
解析
这道题考查对 Amazon S3 存储桶 IAM 策略的理解。要满足应用程序能列出和下载对象的要求,关键在于策略中的权限设置。A 选项的策略准确地赋予了“s3:ListBucket”的允许操作,符合题目所需的最小访问权限。其他选项要么格式错误(如 C 选项的版本写法),要么权限设置不符合(如 D 选项的操作错误),所以答案是 A。 【灯笼考证提供:swufelp1999】