Topic 1 Question 438
A SysOps administrator has an Amazon S3 website and wants to restrict access to a single Amazon CloudFront distribution. Visitors to the website should not be able to circumvent CloudFront or view the S3 website directly from the bucket.
Which AWS service or feature will meet these requirements?
A. S3 bucket ACL
B. AWS Firewall Manager
C. Amazon Route 53 private hosted zone
D. Origin access identity (OAI)
Comments (3)
- Selected answer: D
You can restrict access to an S3 bucket from a single CloudFront distribution by using an origin access identity (OAI). This way, the bucket and its objects can only be accessed through that OAI.
👍 2 tgv 2024/04/15

D
A. S3 bucket ACL: Controls access permissions for individual Amazon S3 buckets and the objects within them.
B. AWS Firewall Manager: Centrally manages firewall rules across multiple AWS accounts and resources.
C. Amazon Route 53 private hosted zone: Provides a DNS service for routing traffic within a private Amazon VPC.
D. Origin access identity (OAI): Restricts access to S3 bucket content so that only CloudFront can access it.
👍 1 acnaz 2024/08/04

A little deceiving. I believe the solution is a combination of A & D.
Also, it seems that OAI is considered legacy, and is replaced by OAC: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html#private-content-restricting-access-to-s3-oai
👍 1 Albanki 2024/11/23