Topic 1 Question 56
A SysOps administrator is reviewing AWS Trusted Advisor warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the administrator realizes the S3 bucket is an origin for an Amazon CloudFront web distribution. Which action should the administrator take to ensure that users access objects in Amazon S3 by using only CloudFront URLs?
A. Encrypt the S3 bucket content with Server-Side Encryption with Amazon S3-Managed Keys (SSE-S3).
B. Create an origin access identity and grant it permissions to read objects in the S3 bucket.
C. Assign an IAM user to the CloudFront distribution and grant the user permissions in the S3 bucket policy.
D. Assign an IAM role to the CloudFront distribution and grant the role permissions in the S3 bucket policy.
Comments (3)
- Selected answer: B
B is Correct
👍 3 Mikilo 2022/04/26
- Selected answer: B
👍 3 Finger41 2022/05/23
- Selected answer: B
When you first set up an Amazon S3 bucket as the origin for a CloudFront distribution, you grant everyone permission to read the files in your bucket. This allows anyone to access your files either through CloudFront or using the Amazon S3 URL.
To ensure that your users access your files using only CloudFront URLs, regardless of whether the URLs are signed, do the following:
- Create an origin access identity, which is a special CloudFront user, and associate the origin access identity with your distribution.
- Change the permissions either on your Amazon S3 bucket or on the files in your bucket so that only the origin access identity has read permission.
👍 2 Goozian 2022/07/21
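An added example (not part of the thread above and not AWS code) of the bucket-policy change described in the last comment: it finds the open `Allow` statements that trigger the Trusted Advisor warning and rewrites the policy so only the origin access identity can read objects. The bucket name, OAI ID and helper function names are constructed placeholders.

```python
import json

# Constructed placeholders, not values from the page.
BUCKET = "example-bucket"
OAI_ARN = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAIID"

# Constructed "before" policy: the open read access that Trusted Advisor flags.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}]}

def as_list(value):
    # Policy fields may be a single value or a list.
    return value if isinstance(value, list) else [value]

def is_public(principal):
    # Matches Principal "*" and {"AWS": "*"} (also inside a list).
    if isinstance(principal, dict):
        return "*" in as_list(principal.get("AWS", []))
    return principal == "*"

def public_allow_statements(policy):
    # Allow statements open to everyone with no Condition narrowing them.
    return [s for s in as_list(policy.get("Statement", []))
            if s.get("Effect") == "Allow" and is_public(s.get("Principal"))
            and not s.get("Condition")]

def restrict_to_oai(policy, bucket, oai_arn):
    # Drop the public grants, then let only the OAI read objects.
    public = public_allow_statements(policy)
    kept = [s for s in as_list(policy.get("Statement", [])) if s not in public]
    kept.append({"Sid": "AllowCloudFrontOAIRead", "Effect": "Allow",
                 "Principal": {"AWS": oai_arn}, "Action": "s3:GetObject",
                 "Resource": f"arn:aws:s3:::{bucket}/*"})
    return {"Version": policy.get("Version", "2012-10-17"), "Statement": kept}

if __name__ == "__main__":
    print(json.dumps(restrict_to_oai(OPEN_POLICY, BUCKET, OAI_ARN), indent=2))
```

This check covers the bucket policy only; public-read ACLs on individual objects, which the comment also mentions, have to be reviewed separately.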