An Amazon CloudFront distribution has a single Amazon S3 bucket as its origin. A SysOps administrator must ensure that users can access the S3 bucket only through requests from the CloudFront endpoint. Which solution will meet these requirements?
A.
Configure S3 Block Public Access on the S3 bucket. Update the S3 bucket policy to allow the GetObject action from only the CloudFront distribution.
B.
Configure Origin Shield in the CloudFront distribution. Update the CloudFront origin to include a custom Origin_Shield header.
C.
Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Update the S3 bucket policy to restrict access to the OAI.
D.
Create an origin access identity (OAI). Assign the OAI to the S3 bucket. Update the CloudFront origin to include a custom Origin header with the OAI value.
Answer C says, "..restrict access to OAI" I obviously didn't understand it. Why do we restrict access to OAI? Actually, I think we need to allow read-only access to OAI.
They probably typed wrongly. If I recall correctly, the button reads somewhere along the lines of 'bucket can restrict access to only OAI', and what it achieves is allowing S3 objects to be accessed only through CloudFront.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kati2k22cz
Highly Voted 1 year, 8 months agojipark
Most Recent 8 months, 3 weeks agomichaldavid
1 year, 4 months agoSurferbolt
1 year, 6 months agoelnurgu
1 year, 6 months agojipark
8 months, 3 weeks agoSurferbolt
1 year, 6 months ago