🔥 3-day streak
AWS Certified Security - Specialty83 / 184
Question 83 of 184
A company stores build artifacts in an S3 bucket that must be readable by every account in its AWS Organization. However, one specific account (111122223333) is a sandbox that must be completely denied access to the bucket, even if an administrator in that account attaches an IAM policy granting S3 permissions. The security team wants to enforce this restriction directly on the bucket so it holds regardless of identity-based policies in member accounts. Which bucket policy construction meets these requirements?
Reviewed for accuracy · Report an issueNext question