Certified Security - Specialty


Incorrect answer option in chapter 3 quiz

You have created a new S3 bucket and you would like to configure read and write access to this bucket, only for users who are members of the Development, Test and QA teams. Each team has a different IAM Group defined in AWS. Which of the following is the simplest way to configure this?

Correct answer: Use a bucket policy to allow read and write access to the Development, Test and QA IAM groups

This is not correct, as group ARNs cannot be added as principals in a bucket policy. You would need to list the individual users in those groups in the bucket policy, which would make it the same thing as creating 1 IAM policy and attaching it to those users, aka option D: Create an IAM policy allowing read / write access to only this bucket and attach it to each user in the Development, Test and QA teams

The actual response should be: create a customer managed IAM policy that allows read and write access only to this bucket and attach it to the IAM groups


I second that 🙂

James Zheng


1 Answer

Thanks for spotting this, I’ll take a look and see if it needs changing!


It still keeps the wrong answer; hopefully it could be corrected soon.


Still wrong answer


You cannot specify IAM groups and instance profiles as principals.
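
A pre-deployment check for the limitation discussed in this thread, as an added example that is not part of the original posts: it scans a bucket policy document for IAM group or instance-profile ARNs used as principals. The account ID, bucket name, user name and the `invalid_principals` helper are constructed for illustration.

```python
import json
import re

# IAM resource types the thread notes cannot be bucket-policy principals.
_NOT_A_PRINCIPAL = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:(group|instance-profile)/")


def _as_list(value):
    """Policy JSON allows a single value or a list in most positions."""
    return value if isinstance(value, list) else [value]


def invalid_principals(policy_json):
    """Return (sid, arn, kind) for every group or instance-profile ARN
    that appears under Principal/NotPrincipal in a bucket policy."""
    findings = []
    policy = json.loads(policy_json)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        sid = stmt.get("Sid", f"statement[{i}]")
        for key in ("Principal", "NotPrincipal"):
            principal = stmt.get(key)
            if not isinstance(principal, dict):
                continue  # absent, or the "*" wildcard string
            for arn in _as_list(principal.get("AWS", [])):
                match = _NOT_A_PRINCIPAL.match(arn)
                if match:
                    findings.append((sid, arn, match.group(1)))
    return findings


# Constructed sample: account ID, bucket and group names are placeholders.
ACCOUNT = "111122223333"
BUCKET = "arn:aws:s3:::example-bucket"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TeamReadWrite", "Effect": "Allow",
         "Principal": {"AWS": [f"arn:aws:iam::{ACCOUNT}:group/{g}"
                               for g in ("Development", "Test", "QA")]},
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": f"{BUCKET}/*"},
        {"Sid": "OneUser", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:user/alice"},
         "Action": "s3:GetObject", "Resource": f"{BUCKET}/*"},
    ],
})

if __name__ == "__main__":
    for sid, arn, kind in invalid_principals(SAMPLE_POLICY):
        print(f"{sid}: {arn} is an IAM {kind}, not a valid principal")
```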
