I am confused. You said that “If there is no explicit deny and there isn’t explicit allow then you will be allowed to access that object or bucket or that resource within S3” I believe if there is not an explicit deny nor allow then the access should be deny. Please correct me if I am wrong. Please watch the last 00:23 seconds of the lecture Policy Conflicts – Visual Diagram. Thank you for the answers in advance.
Explicit Deny > Any explicit Allow > default implicit deny
There is a nice web page which explains the policy evaluation logic in great detail, it is a pretty long page to get through though! But may help to clarify the process if you are still struggling!