🔥 3-day streak
AWS Certified Security - Specialty145 / 184
Question 145 of 184
A company uses AWS Organizations with an OU named 'Workloads'. An SCP attached to that OU allows only the ec2:* and s3:* actions. A developer in a member account has an IAM identity-based policy that grants dynamodb:PutItem and s3:GetObject. The developer also has a permissions boundary attached that allows only s3:* actions. When the developer attempts to call dynamodb:PutItem, the request is denied. What is the primary reason for the denial?
Reviewed for accuracy · Report an issueNext question