
AWS Certified Security - Specialty SCS-C02 Exam - Question 69


A security engineer needs to configure an Amazon S3 bucket policy to restrict access to an S3 bucket that is named DOC-EXAMPLE-BUCKET. The policy must allow access to only DOC-EXAMPLE-BUCKET from only the following endpoint: vpce-1a2b3c4d. The policy must deny all access to DOC-EXAMPLE-BUCKET if the specified endpoint is not used.

Which bucket policy statement meets these requirements?

Correct Answer: C

To restrict access to an Amazon S3 bucket to a specific VPC endpoint and deny all access if this condition is not met, you need to implement a bucket policy that denies access unless the request comes from the specified VPC endpoint. The correct option uses the 'Effect': 'Deny' with 'Condition': {'StringEquals': {'aws:sourceVpce': 'vpce-1a2b3c4d'}} which satisfies these requirements. Thus, option C is correct.
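As an added example (not part of the question, the answer explanation or the discussion), the following Python builds the deny-unless-from-endpoint bucket policy in the form shown in the AWS documentation page linked in the last comment (Deny on the bucket and its objects with a StringNotEquals condition on aws:sourceVpce) and checks sample requests against it with a toy matcher. The helper names are hypothetical, and the matcher covers only wildcard action/resource matching and the two string conditions; it is not the real IAM evaluation engine.

```python
from fnmatch import fnmatch

# Constructed sample values, taken from the question text.
BUCKET = "DOC-EXAMPLE-BUCKET"
VPCE_ID = "vpce-1a2b3c4d"


def vpce_only_bucket_policy(bucket: str, vpce_id: str) -> dict:
    """Deny every S3 action on the bucket and its objects unless the request
    arrives through the given VPC endpoint (Deny + StringNotEquals)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpce",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:sourceVpce": vpce_id}},
        }],
    }


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _statement_matches(stmt: dict, action: str, resource: str, ctx: dict) -> bool:
    """Toy matcher (hypothetical, not the real IAM engine): wildcard action and
    resource match plus StringEquals / StringNotEquals conditions. Principal '*'."""
    if not any(fnmatch(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatch(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    cond = stmt.get("Condition", {})
    if any(ctx.get(k) != v for k, v in cond.get("StringEquals", {}).items()):
        return False
    # A request carrying no aws:sourceVpce key at all (e.g. one arriving from
    # the public internet) also satisfies StringNotEquals, so the Deny catches it.
    if any(ctx.get(k) == v for k, v in cond.get("StringNotEquals", {}).items()):
        return False
    return True


def explicitly_denied(policy: dict, action: str, resource: str, ctx: dict) -> bool:
    """True if any Deny statement in the bucket policy matches the request."""
    return any(s["Effect"] == "Deny" and _statement_matches(s, action, resource, ctx)
               for s in policy["Statement"])
```

Because the statement only denies, a request that is not denied still needs an Allow from an identity policy or another bucket policy statement before S3 will serve it.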

Discussion

7 comments
oioi (Option: B)
Nov 23, 2023

correct

[Removed] (Option: B)
Nov 24, 2023

B is correct.

Aamee (Option: B)
Dec 2, 2023

No doubt, it's B.

rahav (Option: B)
Dec 24, 2023

B is the correct one

awssecuritynewbie (Option: B)
Feb 11, 2024

B. Option D does not even have the bucket in it, lol.

sz1234
Feb 18, 2024

B is correct

ahirri (Option: D)
Dec 7, 2024

B is NOT CORRECT, because it's mandatory to have an explicit allow!! D seems not correct because of "*" in the resources, but this "bucket policy" is only applied to this specific bucket. So for me, the only correct answer is D, because it allows requests from the vpce.

2f5c7cd
May 4, 2025

B is correct: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html#example-bucket-policies-restrict-access-vpc