
Answer-first summary for fast verification
Answer: Leverage an IAM policy with the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3
Amazon Cognito identity pools (federated identities) enable you to create unique identities for your users and federate them with identity providers. With an identity pool, you can obtain temporary, limited-privilege AWS credentials to access other AWS services.

Amazon Cognito identity pools support the following identity providers:
Public providers: Login with Amazon, Facebook, Google, Sign in with Apple
Amazon Cognito user pools
OpenID Connect providers
SAML identity providers
Developer authenticated identities

You can create an identity-based policy that allows Amazon Cognito users to access objects in a specific S3 bucket. This policy allows access only to objects with a name that includes Cognito, the name of the application, and the federated user's ID, represented by the ${cognito-identity.amazonaws.com:sub} variable.
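The identity-based policy described above, written out as an added example (not part of the original page). The bucket name EXAMPLE-BUCKET and the application name example-app are placeholders; the key layout cognito/example-app/<identity ID>/ follows the naming the explanation gives.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListOnlyOwnPrefix",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET",
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "cognito/example-app/${cognito-identity.amazonaws.com:sub}/*"
          ]
        }
      }
    },
    {
      "Sid": "ReadWriteDeleteOnlyOwnObjects",
      "Effect": "Allow",
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET/cognito/example-app/${cognito-identity.amazonaws.com:sub}/*"
    }
  ]
}
```

Attach the policy to the identity pool's authenticated role. IAM substitutes the variable with the caller's identity pool identity ID when it evaluates each request, so one role serves every user and any key outside that user's prefix falls through to the implicit deny.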
Author: LeetQuiz Editorial Team
A developer is working on an application that requires user-specific file upload and download features. This application utilizes Amazon Cognito user pools and Cognito identity pools to ensure secure access, alongside Amazon S3 for file storage. The goal is to allow files ranging from 5 KB to 500 MB in size to be securely saved and retrieved by authorized users, ensuring that users can only access their own files.
What would be the most efficient solution to achieve these requirements?
A
Use CloudFront Lambda@Edge to validate that the given file is uploaded to S3 and downloaded from S3 only by the authorized user
B
Integrate Amazon API Gateway with a Lambda function that validates that the given file is uploaded to S3 and downloaded from S3 only by the authorized user
C
Use S3 Event Notifications to trigger a Lambda function that validates that the given file is uploaded and downloaded only by the authorized user
D
Leverage an IAM policy with the Amazon Cognito identity prefix to restrict users to use their own folders in Amazon S3