Topic 1 Question 139
A security engineer needs to set up an Amazon CloudFront distribution for an Amazon S3 bucket that hosts a static website. The security engineer must allow only specified IP addresses to access the website. The security engineer also must prevent users from accessing the website directly by using S3 URLs.
Which solution will meet these requirements?
Generate an S3 bucket policy. Specify cloudfront.amazonaws.com as the principal. Use the aws:SourceIp condition key to allow access only if the request comes from the specified IP addresses.
Create a CloudFront origin access control (OAC). Create the S3 bucket policy so that only the OAC has access. Create an AWS WAF web ACL, and add an IP set rule. Associate the web ACL with the CloudFront distribution.
Implement security groups to allow only the specified IP addresses access and to restrict S3 bucket access by using the CloudFront distribution.
Create an S3 bucket access point to allow access from only the CloudFront distribution. Create an AWS WAF web ACL and add an IP set rule. Associate the web ACL with the CloudFront distribution.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: B
Why Not Other Options?
Option A: Specifying cloudfront.amazonaws.com as the principal with aws:SourceIp condition key in the bucket policy does not ensure that access is only through CloudFront, as it does not tie the access to a specific CloudFront distribution. Option C: Security groups cannot be used to control access to S3 buckets; they are used for controlling access to EC2 instances, among other resources. This approach would not meet the requirement. Option D: Using an S3 bucket access point is unnecessary when OACs and bucket policies can effectively manage the access requirements. Also, access points are more relevant for complex access control scenarios and do not inherently solve the issue of restricting direct S3 access via CloudFront.👍 75409b912024/05/21 - 正解だと思う選択肢: B
B is correct
👍 2Certified1012024/05/19 - 正解だと思う選択肢: B
B is the correct answer
👍 1navid13652024/07/28
シャッフルモード