Answer: Share pre-signed URLs with resources that need access

Share pre-signed URLs with resources that need access - All objects by default are private, with the object owner having permission to access the objects. However, the object owner can optionally share objects with others by creating a pre-signed URL, using their own security credentials, to grant time-limited permission to download the objects. When you create a pre-signed URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object), and expiration date and time. The pre-signed URLs are valid only for the specified duration. Incorrect options: Use Bucket policy to block the unintended access - A bucket policy is a resource-based AWS Identity and Access Management (IAM) policy. You add a bucket policy to a bucket to grant other AWS accounts or IAM users access permissions for the bucket and the objects in it. Bucket policy can be used to block off unintended access, but it's not possible to provide time-based access, as is the case in the current use case. Use Routing policies to re-route unintended access - There is no such facility directly available with Amazon S3. It is not possible to implement time constraints on Amazon S3 Bucket access - This is an incorrect statement. As explained above, it is possible to give time-bound access permissions on S3 buckets and objects.

Author: LeetQuiz Editorial Team