Exam AWS Certified Solutions Architect - Professional topic 1 question 590 discussion

A solutions architect is designing a publicly accessible web application that is on an Amazon CloudFront distribution with an Amazon S3 website endpoint as the origin. When the solution is deployed, the website returns an Error 403: Access Denied message.
Which steps should the solutions architect take to correct the issue? (Choose two.)

  • A. Remove the S3 block public access option from the S3 bucket.
  • B. Remove the requester pays option from the S3 bucket.
  • C. Remove the origin access identity (OAI) from the CloudFront distribution.
  • D. Change the storage class from S3 Standard to S3 One Zone-Infrequent Access (S3 One Zone-IA).
  • E. Disable S3 object versioning.
Suggested Answer: AB

Comments

Anila_Dhharisi
Highly Voted 3 years, 7 months ago
https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/
upvoted 19 times
viet1991
3 years, 6 months ago
A&B. Amazon S3 Block Public Access must be disabled on the bucket. If Requester Pays is enabled, then the request must include the request-payer parameter.
upvoted 7 times
tekkart
3 years, 6 months ago
In your link, it is written: "If you don't want to allow public (anonymous) access to your S3 objects, then change your configuration to use the S3 REST API endpoint as the origin of your distribution. Then, configure your distribution and S3 bucket to restrict access using an origin access identity (OAI)." Then the answer would be A&C. Requester Pays is useful to prevent DDoS attacks; just removing it (answer B) would remove functionality with it.
upvoted 3 times
joe16
3 years, 6 months ago
Requester Pays is a feature to share the cost of storing/accessing S3 objects, not DDoS prevention. https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html
upvoted 1 times
tkanmani76
Highly Voted 3 years, 5 months ago
https://aws.amazon.com/premiumsupport/knowledge-center/s3-troubleshoot-403/ This will settle the answer in favour of A and B.
upvoted 7 times
AzureDP900
3 years, 5 months ago
This is great information, thanks for sharing.
upvoted 1 times
bermo
3 years, 4 months ago
Thanks indeed for this useful link
upvoted 1 times
Punitsolanki
3 years, 3 months ago
But the link is for when you access S3 directly, not via CloudFront.
upvoted 1 times
Rocky2222
Most Recent 2 years, 9 months ago
Selected Answer: AB
https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/
upvoted 1 times
TechX
2 years, 10 months ago
Selected Answer: AB
AB for me. If you enable Requester Pays on a bucket, anonymous access to that bucket is not allowed. https://docs.aws.amazon.com/AmazonS3/latest/userguide/RequesterPaysBuckets.html
upvoted 1 times
Hari008
3 years, 1 month ago
Here the key word is publicly available, I will go with A&C.
upvoted 1 times
peddyua
3 years, 3 months ago
A is weird; it can work with block public access as well (deployed on a previous project). AB for me.
upvoted 2 times
AzureDP900
3 years, 5 months ago
Selected Answer: AB
A and B
upvoted 1 times
Viper57
3 years, 6 months ago
A and C are correct. The question says it is using an S3 website endpoint. OAI can only be used when CloudFront needs to access a REST API endpoint, so removing OAI would fix this problem. See using S3 to host a static website with CloudFront: https://aws.amazon.com/premiumsupport/knowledge-center/cloudfront-serve-static-website/
  • Using a REST API endpoint as the origin, with access restricted by an origin access identity (OAI)
  • Using a website endpoint as the origin, with anonymous (public) access allowed
  • Using a website endpoint as the origin, with access restricted by a Referer header
upvoted 5 times
student22
3 years, 6 months ago
A and C. If you don't want to allow public (anonymous) access to your S3 objects, then change your configuration to use the S3 REST API endpoint as the origin of your distribution. Then, configure your distribution and S3 bucket to restrict access using an origin access identity (OAI). https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/
upvoted 1 times
student22
3 years, 6 months ago
Changing to A and B
upvoted 1 times
WhyIronMan
3 years, 6 months ago
I'll go with A,B
upvoted 2 times
blackgamer
3 years, 6 months ago
A & B is the better option, but it is not the best either. A is not a very good solution.
upvoted 2 times
Waiweng
3 years, 6 months ago
it's A&B
upvoted 5 times
Pupu86
3 years, 6 months ago
The Origin Access Identity feature is to ensure that only CloudFront has access (read) permissions to S3, so users can only access S3 contents via a valid OAI in CloudFront, making CloudFront the only point of entry. So the eventual state of access logs in CloudFront would also be accurately reflective.
upvoted 2 times
Kian1
3 years, 6 months ago
going with AB
upvoted 2 times
Ebi
3 years, 6 months ago
Answer is AB
upvoted 5 times
kopper2019
3 years, 6 months ago
A and B. https://aws.amazon.com/premiumsupport/knowledge-center/s3-website-cloudfront-error-403/
upvoted 1 times
Bulti
3 years, 6 months ago
A and B are the right answers
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
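
The 403 causes argued over in the comments above can be written as a configuration check. This is an added example, not part of the original discussion or any AWS tool: the function name, finding codes and bucket name are assumptions, and the inputs are modelled on the S3 `PublicAccessBlockConfiguration` and request-payment `Payer` values. It also covers the REST-endpoint-plus-OAI alternative quoted in the thread.

```python
import re

# S3 website endpoints contain "s3-website" followed by "-" or "." and the region;
# REST endpoints (bucket.s3.<region>.amazonaws.com) do not.
WEBSITE_ENDPOINT = re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com$")
BPA_KEYS = ("BlockPublicAcls", "IgnorePublicAcls",
            "BlockPublicPolicy", "RestrictPublicBuckets")


def diagnose_403(origin_domain, public_access_block, payer, oai=""):
    """Return (code, explanation) pairs for the 403 causes named in this thread."""
    findings = []
    website = bool(WEBSITE_ENDPOINT.search(origin_domain))
    # Any enabled setting is flagged; which one actually bites depends on
    # whether public read access comes from a bucket policy or an ACL.
    enabled = [k for k in BPA_KEYS if (public_access_block or {}).get(k)]

    if payer == "Requester":
        findings.append(("requester_pays",
                         "Requester Pays is on: anonymous requests are denied."))
    if website and enabled:
        findings.append(("block_public_access",
                         "Website endpoint needs anonymous reads, but Block "
                         "Public Access has " + ", ".join(enabled) + " enabled."))
    if not website and not oai and enabled:
        findings.append(("rest_without_oai",
                         "REST endpoint with Block Public Access on and no OAI: "
                         "CloudFront's anonymous requests may be blocked."))
    return findings


# Constructed sample: the deployment from the question (bucket name is a placeholder).
SAMPLE = {
    "origin_domain": "example-bucket.s3-website-us-east-1.amazonaws.com",
    "public_access_block": {key: True for key in BPA_KEYS},
    "payer": "Requester",
}

if __name__ == "__main__":
    for code, why in diagnose_403(**SAMPLE):
        print(f"[{code}] {why}")
```

An empty result for a REST origin with an OAI and Block Public Access left on corresponds to the non-public setup the quoted AWS article describes.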