An IAM policy has the following statement: {"Effect":"Allow","Action":"s3:*","Resource":"arn:aws:s3:::my-bucket/*"}. A user with this policy tries to perform s3:ListBucket on 'my-bucket'. Will the request succeed?
ListBucket requires bucket-level ARN.
Why this answer
s3:ListBucket requires resource ARN 'arn:aws:s3:::my-bucket' (without /*). The policy only grants access to objects, not the bucket itself. Option A is incorrect because the action is not allowed.
Option C is incorrect because the resource is wrong. Option D is incorrect because service control policies are not mentioned.