Identify S3 resource-based policy and user-based policy
publish date: 2024/09/18 01:42:00 UTC
(1)
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/ExternalUser"
      },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/*"
    }
  ]
}
```
(2)
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListBucket",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::my-bucket",
        "arn:aws:s3:::my-bucket/*"
      ]
    }
  ]
}
```
Options: User-based Policy, Resource-based Policy
Correct Answer
(1) Resource-based Policy
(2) User-based Policy
Explanation
Key Differences
Aspect | Resource-based Policy | User-based Policy |
---|---|---|
Attachment | Applied directly to the resource (e.g., S3 bucket) | Applied to an IAM user, group, or role |
Defines Access For | Specifies who (user, role, account) can access the resource | Specifies what resources the user or role can access |
Principal | Defines who has access using the Principal element | Does not use Principal, as it’s attached to a user |
Cross-account Use | Commonly used for cross-account access | Less suitable for cross-account access |
Best for | Granting access to external users or roles from other accounts | Granting access to resources for users within the same account |
Reference
AWS Skill Builder