Multiple Choice
A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL. What should a solutions architect do to meet these requirements?
A) Write individual policies for each S3 bucket to grant read permission for only CloudFront access.
B) Create an IAM user. Grant the user read permission to objects in the S3 bucket. Assign the user to CloudFront.
C) Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN) .
D) Create an origin access identity (OAI) . Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.
Correct Answer:
Verified
Correct Answer:
Verified
Q223: A company allows its developers to attach
Q224: A company is looking for a solution
Q225: A company has several Amazon EC2 instances
Q226: An administrator of a large company wants
Q227: A media company is evaluating the possibility
Q229: A solutions architect needs to design the
Q230: A company recently expanded globally and wants
Q231: An application running on an Amazon EC2
Q232: An entertainment company is using Amazon DynamoDB
Q233: A company is running a multi-tier web