ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Developer Associate All Questions

View all questions & answers for the AWS Certified Developer Associate exam
Go to Exam

Exam AWS Certified Developer Associate topic 1 question 307 discussion

Exam question from Amazon's AWS Certified Developer Associate
Question #: 307
Topic #: 1
[All AWS Certified Developer Associate Questions]

A developer is managing an application that uploads user files to an Amazon S3 bucket named companybucket. The company wants to maintain copies of all the files uploaded by users for compliance purposes, while ensuring users still have access to the data through the application.

Which IAM permissions should be applied to users to ensure they can create but not remove files from the bucket?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by DrCloud at Nov. 24, 2022, 3:50 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
rcaliandro
1 year, 11 months ago
Selected Answer: D
So A and C have s3:DeleteObject as allowed method and those are to be excluded. The B has the method s3:CreateBucket and s3:GetBucketLocation that allow the application to create a bucket and to get location but we can't add or download elements from the bucket. So, also the B is incorrect. The correct answer iisssssss................. D! We do need s3:GetObject to retrive elements from the bucket and s3:PutObject to upload the object on the cloud
upvoted 3 times
...
mrbig00
2 years, 6 months ago
Selected Answer: D
To ensure that users can create but not remove files from the Amazon S3 bucket, the developer should apply the following IAM permissions to the users: s3:PutObject: This permission allows users to add objects to the bucket. s3:GetObject: This permission allows users to download the objects in the bucket. The developer should not grant the s3:DeleteObject permission, which would allow users to remove objects from the bucket. By not granting this permission, the company can maintain copies of all files uploaded by users for compliance purposes, while still allowing users to access the data through the application.
upvoted 2 times
...
k1kavi1
2 years, 6 months ago
Selected Answer: D
Choosing D
upvoted 2 times
...
michaldavid
2 years, 6 months ago
Selected Answer: D
D is correct
upvoted 1 times
...
DrCloud
2 years, 6 months ago
Ans: D To accomplish: "can create but not remove files" -- Need: "Put Object" -- Don't need: "Delete Object" https://docs.aws.amazon.com/cli/latest/reference/s3api/put-object.html
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel