Topic 1 Question 1011
Select 2
A company hosts an application in a private subnet. The company has already integrated the application with Amazon Cognito. The company uses an Amazon Cognito user pool to authenticate users.
The company needs to modify the application so the application can securely store user documents in an Amazon S3 bucket.
Which combination of steps will securely integrate Amazon S3 with the application?
A. Create an Amazon Cognito identity pool to generate secure Amazon S3 access tokens for users when they successfully log in.
B. Use the existing Amazon Cognito user pool to generate Amazon S3 access tokens for users when they successfully log in.
C. Create an Amazon S3 VPC endpoint in the same VPC where the company hosts the application.
D. Create a NAT gateway in the VPC where the company hosts the application. Assign a policy to the S3 bucket to deny any request that is not initiated from Amazon Cognito.
E. Attach a policy to the S3 bucket that allows access only from the users' IP addresses.
Comments (4)
- Selected answer: AC
securely integrate Amazon S3 with the application:
https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html
https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3
👍 6 bujuman 2024/11/16
Correct answer: A - B
👍 2 viejito 2024/11/07
- Selected answer: AC
A - Amazon Cognito identity pools provide temporary AWS credentials for authenticated users.
B - User pools are for authentication (who the user is). Identity pools are for authorization (what the user can do).
C - Traffic between your VPC and S3 stays within the AWS network, good. This also removes the need for a NAT Gateway for S3 access.
D - Unnecessary and not secure.
E - Users' IP addresses can change frequently (especially mobile users).
👍 2 LeonSauveterre 2025/01/10