Certified Security - Specialty


S3 Policy Conflicts

I am confused. You said that “If there is no explicit deny and there isn’t explicit allow then you will be allowed to access that object or bucket or that resource within S3.” I believe if there is not an explicit deny nor allow then the access should be denied. Please correct me if I am wrong. Please watch the last 00:23 seconds of the lecture Policy Conflicts – Visual Diagram. Thank you for the answers in advance.

Tom Kringstad

I think you may have misheard him. I listened to it and I hear “If there is no explicit deny and there is an explicit allow…” Admittedly the “is an” is said pretty quickly and I understand how you may have heard it incorrectly.

2 Answers

Explicit Deny > Any explicit Allow > default implicit deny

There is a nice web page which explains the policy evaluation logic in great detail. It is a pretty long page to get through though! But it may help to clarify the process if you are still struggling!
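The precedence given in the answers above, as an added example that is not part of the original thread: a simplified Python model of how the policies attached to one same-account request combine. The bucket name and both policies are constructed, and the model assumes every statement already applies to the caller (it ignores Principal, Condition, ACLs and organization-level controls).

```python
from fnmatch import fnmatchcase

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _match(patterns, value, ignore_case=False):
    # Policy wildcards (* and ?) approximated with fnmatch-style matching.
    if ignore_case:
        value = value.lower()
    for pattern in _as_list(patterns):
        if fnmatchcase(value, pattern.lower() if ignore_case else pattern):
            return True
    return False

def evaluate(policies, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            if not _match(stmt["Action"], action, ignore_case=True):
                continue
            if not _match(stmt["Resource"], resource):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"   # one matching Deny overrides every Allow
            allowed = True              # remember the Allow, keep looking for a Deny
    # Nothing matched at all: the default is an implicit deny.
    return "Allow" if allowed else "ImplicitDeny"

# Constructed sample policies (hypothetical bucket "example-bucket").
USER_POLICY = {"Statement": [{
    "Effect": "Allow",
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*",
}]}
BUCKET_POLICY = {"Statement": [{
    "Effect": "Deny",
    "Action": "s3:*",
    "Resource": "arn:aws:s3:::example-bucket/secret/*",
}]}
POLICIES = [USER_POLICY, BUCKET_POLICY]

if __name__ == "__main__":
    for act, key in [("s3:GetObject", "public/a.txt"),
                     ("s3:GetObject", "secret/a.txt"),
                     ("s3:PutObject", "public/a.txt")]:
        arn = "arn:aws:s3:::example-bucket/" + key
        print(act, key, "->", evaluate(POLICIES, act, arn))
```

The third request is the case the question asks about: no statement mentions `s3:PutObject`, so there is neither an explicit deny nor an explicit allow and the result is a denial.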

