🔥 3-day streak
AWS Certified Security - Specialty85 / 184
Question 85 of 184
A company grants a partner account access to a shared S3 bucket via a bucket policy. The security team wants every principal in the partner account to be allowed to read objects EXCEPT for one specific IAM role named 'ContractorRole', which must never be able to read the objects regardless of that role's identity-based permissions. Which S3 bucket policy construct enforces this most reliably?
Reviewed for accuracy · Report an issueNext question