Multiple Choice
A company is launching a web-based application in multiple regions around the world. The application consists of both static content stored in a private Amazon S3 bucket and dynamic content hosted in Amazon ECS containers content behind an Application Load Balancer (ALB) . The company requires that the static and dynamic application content be accessible through Amazon CloudFront only. Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choose three.)
A) Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the ALB.
B) Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the CloudFront distribution.
C) Configure CloudFront to add a custom header to origin requests.
D) Configure the ALB to add a custom header to HTTP requests.
E) Update the S3 bucket ACL to allow access from the CloudFront distribution only.
F) Create a CloudFront Origin Access Identity (OAI) and add it to the CloudFront distribution. Update the S3 bucket policy to allow access to the OAI only.
Correct Answer:
Verified
Correct Answer:
Verified
Q857: The Solutions Architect manages a serverless application
Q858: A user is creating a Provisioned IOPS
Q859: You are tasked with moving a legacy
Q860: A company runs a video processing platform.
Q861: A user is trying to create a
Q863: You are designing a multi-platform web application
Q864: You have an application running on an
Q865: A company has an application that runs
Q866: Your company has HQ in Tokyo and
Q867: A user is creating a PIOPS volume.