🔥 3-day streak
AWS Certified Security - Specialty127 / 157
Question 127 of 157

A company uses AWS Organizations with all features enabled. A developer's IAM user in a member account has an attached identity policy granting full access to Amazon S3 (s3:*). The account is in an OU with an SCP that allows only ec2:* and cloudwatch:* actions (no other statements, no explicit denies). The developer attempts to run s3:ListBucket. What is the result and why?

Reviewed for accuracy · Report an issueNext question