Topic 1 Question 131
A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL. What should a solutions architect do to meet these requirements?
A. Write individual policies for each S3 bucket to grant read permission for only CloudFront access.
B. Create an IAM user. Grant the user read permission to objects in the S3 bucket. Assign the user to CloudFront.
C. Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).
D. Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.
Comments (6)
- Selected answer: D
I want to restrict access to my Amazon Simple Storage Service (Amazon S3) bucket so that objects can be accessed only through my Amazon CloudFront distribution. How can I do that? Create a CloudFront origin access identity (OAI) https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-access-to-amazon-s3/
👍 22123jhl0 2022/10/19
- Selected answer: D
D is correct, but using OAC instead of OAI would be better since OAI is legacy.
👍 3 gloritown 2022/12/13
- Selected answer: D
The correct answer is D. To meet the requirements, the solutions architect should create an origin access identity (OAI) and assign it to the CloudFront distribution. The S3 bucket permissions should be configured so that only the OAI has read permission.
An OAI is a special CloudFront user that is associated with a CloudFront distribution and is used to give CloudFront access to the files in an S3 bucket. By using an OAI, the company can serve the files through the CloudFront distribution while preventing direct access to the S3 bucket.
👍 3 Buruguduystunstugudunstuy 2022/12/27
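
The bucket permission described in option D, as an added example that is not part of the original question or comments: a Python sketch that builds an OAI-only read policy and flags any other read grant left in a bucket policy. The bucket name and OAI ID are constructed placeholders, and the function names are hypothetical.

```python
import fnmatch

# Principal ARN format CloudFront uses for an OAI.
OAI_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "
OAI_ID = "EXAMPLEOAIID"          # constructed placeholder
BUCKET = "example-file-share"    # constructed placeholder

def oai_read_policy(bucket, oai_id):
    """Bucket policy that grants s3:GetObject to the OAI and nobody else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowCloudFrontOAIRead",
        "Effect": "Allow",
        "Principal": {"AWS": OAI_PREFIX + oai_id},
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{bucket}/*"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def non_oai_read_grants(policy, oai_id):
    """Return the Sids of Allow statements that let any principal other
    than the OAI read objects. Conditions are ignored, so a finding means
    'review this statement', not 'this is definitely public'."""
    oai_arn, findings = OAI_PREFIX + oai_id, []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow":
            continue
        actions = _as_list(st.get("Action", "*"))   # NotAction: treat as broad
        if not any(fnmatch.fnmatchcase("s3:getobject", a.lower()) for a in actions):
            continue
        principal = st.get("Principal", "*")         # NotPrincipal: treat as broad
        principals = ["*"] if principal == "*" else [
            p for v in principal.values() for p in _as_list(v)]
        if any(p != oai_arn for p in principals):
            findings.append(st.get("Sid", f"statement[{i}]"))
    return findings

# Constructed "before" policy: the OAI grant plus a leftover public-read statement.
LEAKY_POLICY = oai_read_policy(BUCKET, OAI_ID)
LEAKY_POLICY["Statement"].append({
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": ["s3:Get*"], "Resource": f"arn:aws:s3:::{BUCKET}/*"})

if __name__ == "__main__":
    print(non_oai_read_grants(oai_read_policy(BUCKET, OAI_ID), OAI_ID))  # []
    print(non_oai_read_grants(LEAKY_POLICY, OAI_ID))                     # ['PublicRead']
```

The check covers only the bucket policy; object ACLs and IAM identity policies are separate grant paths and need their own review.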