A group requires permissions to list an Amazon S3 bucket and delete objects from that bucket. An administrator created the following IAM policy and attached it to the group, but the group cannot delete objects. The company follows least-privilege access rules. Which statement should a solutions architect add to the policy to correct bucket access?
Choose an answer
Tap an option to check your answer.
Correct answer: [Option D — content not extractable from PDF image].
Why this is the answer
The correct option is D because it grants the s3:DeleteObject permission, which is necessary to delete objects from an S3 bucket. The Resource specifies arn:aws:s3:::your-bucket-name/, ensuring that this permission applies to all objects within the specified bucket. The existing policy likely only grants s3:ListBucket (to list the bucket's contents) but not the explicit permission to delete objects. Option A might grant broader S3 permissions than necessary, violating least privilege. Option B might specify an incorrect resource or action. Option C might grant permissions at the bucket level (arn:aws:s3:::your-bucket-name) rather than the object level (arn:aws:s3:::your-bucket-name/) for object-specific actions like deletion.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed