A SysOps administrator needs to configure a solution that will deliver digital content to a set of authorized users through Amazon CloudFront. Unauthorized users must be restricted from access.
Which solution will meet these requirements?
A.
Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed URLs to access the S3 bucket through CloudFront.
B.
Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Restrict S3 bucket access with signed URLs in CloudFront.
C.
Store the digital content in an Amazon S3 bucket that has public access blocked. Use an origin access identity (OAI) to deliver the content through CloudFront. Enable field-level encryption.
D.
Store the digital content in an Amazon S3 bucket that does not have public access blocked. Use signed cookies for restricted delivery of the content through CloudFront.
Option B is the correct solution because it uses an origin access identity (OAI) to restrict access to the S3 bucket, ensuring that only CloudFront can access the content. Public access is blocked on the S3 bucket, preventing unauthorized users from accessing the content directly. Signed URLs can also be used to restrict access further within CloudFront.
why not A : you should restric direct access from public
through CloudFront -> block public access, then grant OAI to CloutFront
authorized users -> presigned URL
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Vivec
Highly Voted 1 year, 1 month agojipark
Most Recent 8 months, 3 weeks agobraveheart22
1 year, 2 months agodefmania00
1 year, 2 months agobbfd465
1 year, 2 months agodefmania00
1 year, 2 months ago