Exam AWS Certified Security - Specialty topic 1 question 180 discussion

100% B, explanation here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html

B - Use signed cookies in the following cases: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of website. You don't want to change your current URLs.

B is the correct answer. Signed cookies are used with multiple objects, unlike signed URLs.

Further read https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html

Ans B CloudFront signed URLs and signed cookies provide the same basic functionality: they allow you to control who can access your content. If you want to serve private content through CloudFront and you're trying to decide whether to use signed URLs or signed cookies, consider the following. Use signed URLs in the following cases: You want to restrict access to individual files, for example, an installation download for your application. Your users are using a client (for example, a custom HTTP client) that doesn't support cookies. Use signed cookies in the following cases: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of website. You don't want to change your current URLs.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html - Cookies are recommended to use with the HLS.

https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html It references HLS as an example to use signed cookies.But, then a blog post: https://aws.amazon.com/blogs/networking-and-content-delivery/secure-and-cost-effective-video-streaming-using-cloudfront-signed-urls/ Suggests signed urls! It doesn't state the client, so you can't assume either way. The blog post references Lambda and API Gateway, so seems pretty complicated to configure. As such, I'd go B.

Signed cookies is a good answer if the video is being played in a web browser, but the question doesn't specify the client. A standalone client on a phone or TV may not support cookies, in which case signed URLs would be a better option. AWS have a blog post on how to use CloudFront with HLS video here https://aws.amazon.com/blogs/networking-and-content-delivery/secure-and-cost-effective-video-streaming-using-cloudfront-signed-urls/

Use signed URLs in the following cases: Your users are using a client (for example, a custom HTTP client) that doesn't support cookies.

As per AWS: Use signed cookies in the following cases: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of website. You don't want to change your current URLs.

A Signed URLs can be generated by using a CloudFront key pair, which consists of a private key and a corresponding public key. The private key is used by the company's web application to create a digital signature of the URL, which is then appended to the URL as a query string parameter. When a user requests the URL with the signature, CloudFront verifies the signature using the corresponding public key, and then serves the content if the signature is valid. By generating signed URLs for each request, the origin URL is not disclosed, and the content is only accessible by users who have been authenticated by the company's web application. This method is more effective than simply encrypting the CloudFront URL, as it provides a higher level of security and ensures that only authorized users can access the content. Option B is not ideal, as signed cookies are intended for use cases where cookies are required for access control.

Option A is the simplest and most effective way to protect the content as it uses the CloudFront key pair to create signed URLs which are then provided to the user to access the content. While option B also uses the CloudFront key pair, it involves additional steps such as setting the signed cookies and managing the cookie expiration which adds complexity to the implementation.

The question is given as an example for using signed cookies https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html

Use signed cookies in the following cases: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of website. B

A is correct. as described in the document "Use signed URLs in the following cases: - Your users are using a client (for example, a custom HTTP client) that doesn't support cookies."

Use signed cookies in the following cases: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers' area of website.

Signed Cookies and URL have the same functionality. however cookies should be used for these scenario since its a video. link below will provide answers. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-choosing-signed-urls-cookies.html