🔥 3-day streak
AWS Certified Solutions Architect - Associate127 / 150
Question 127 of 150
A company uses AWS Organizations with all features enabled. A developer in a member account has an IAM policy that explicitly allows all Amazon S3 actions (s3:*). The organizational unit (OU) containing that account has an SCP attached that allows only Amazon EC2 and Amazon CloudWatch actions. When the developer tries to list S3 buckets, the request is denied. What is the correct explanation for this behavior?
Reviewed for accuracy · Report an issueNext question →