Certified Security - Specialty


S3 Policy Conflicts

I am confused. You said that “If there is no explicit deny and there isn’t explicit allow then you will be allowed to access that object or bucket or that resource within S3.” I believe if there is neither an explicit deny nor an explicit allow, then access should be denied. Please correct me if I am wrong. Please watch the last 00:23 seconds of the lecture Policy Conflicts – Visual Diagram. Thank you in advance for the answers.

Tom Kringstad

I think you may have misheard him. I listened to it and I hear “If there is no explicit deny and there is an explicit allow…” Admittedly, the “is an” is said pretty quickly, and I understand how you may have heard it incorrectly.

2 Answers

Explicit Deny > Any explicit Allow > default implicit deny

There is a nice web page that explains the policy evaluation logic in great detail. It is a pretty long page to get through, though, but it may help to clarify the process if you are still struggling!

https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_evaluation-logic.html
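
The precedence stated in the answers above (explicit deny, then explicit allow, then default implicit deny), as an added example that is not part of the original thread and is not AWS's own code. It is a simplified same-account model: the bucket name and both policies are constructed, and principals, conditions, SCPs and permissions boundaries are ignored.

```python
import fnmatch

# Constructed sample policies (bucket name and statements are illustrative).
IDENTITY_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"},
]}
BUCKET_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/secret/*"},
]}

def _as_list(value):
    """Policy fields may hold a single string/dict or a list of them."""
    return value if isinstance(value, list) else [value]

def _matches(statement, action, resource):
    """True when the statement's Action and Resource patterns cover the request."""
    # Action names compare case-insensitively; resource ARNs are case-sensitive.
    # fnmatch's * and ? approximate IAM wildcards for this sketch.
    action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower())
                     for p in _as_list(statement["Action"]))
    resource_hit = any(fnmatch.fnmatchcase(resource, p)
                       for p in _as_list(statement["Resource"]))
    return action_hit and resource_hit

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"              # default when nothing matches
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            if not _matches(statement, action, resource):
                continue
            if statement["Effect"] == "Deny":
                return "ExplicitDeny"      # a matching Deny always wins
            decision = "Allow"             # remembered unless a Deny appears later
    return decision

if __name__ == "__main__":
    policies = [IDENTITY_POLICY, BUCKET_POLICY]
    for action, key in [("s3:GetObject", "public/a.txt"),
                        ("s3:GetObject", "secret/b.txt"),
                        ("s3:PutObject", "public/a.txt")]:
        arn = "arn:aws:s3:::example-bucket/" + key
        print(action, key, "->", evaluate(policies, action, arn))
```

The third request is the case the question asks about: no statement matches it, so it falls through to the implicit deny.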
