A start-up firm has created an S3 bucket “test_bucket”. The contents of this bucket should be accessible only by user ABC in AWS account 123456789012. Which of the following S3 bucket policy statements should be applied to meet security guidelines for the least privileges?

Answer options:

A. {
"Version": "2012-10-17",
"Statement":[{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::*"]
}]
 }
B.{
"Version": "2012-10-17",
"Statement":[{
"Effect": "Allow",
"Action": "s3:*",
"Resource": ["arn:aws:s3:::test_bucket",
"arn:aws:s3:::test_bucket/*"]
}]
 }
C.{
"Version": "2012-10-17",
"Statement": [{
 "Effect": "Allow",
 "Principal": {
 "AWS": ["arn:aws:iam::123456789012:user/ABC"]
 },
 "Action": "s3:*",
 "Resource": ["arn:aws:s3:::*"]
 }]
}
D.{
"Version": "2012-10-17",
"Statement": [{
 "Effect": "Allow",
 "Principal": {
 "AWS": ["arn:aws:iam::123456789012:user/ABC"]
 },
 "Action": "s3:*",
 "Resource": ["arn:aws:s3:::test_bucket",
"arn:aws:s3:::test_bucket/*"]
 }]
}

Correct Answer – D
Options A & B are incorrect because the bucket policy needs the "Principal" field to indicate which IAM identities can use this policy.
Option C is incorrect because this bucket policy grants full access to user ABC to all S3 buckets. However, the user only needs to access “test_bucket”.
Option D is CORRECT because with the bucket policy, the IAM user ABC is only assigned the permissions on “test_bucket”.
For more information on usage guidelines for S3 bucket policy & IAM policy, refer to the following URL-
https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/