
A company has created an Amazon CloudFront distribution with two Amazon S3 buckets as origins. The company discovers that objects in both S3 buckets are publicly accessible. The desired state for the first S3 bucket is to allow access through CloudFront and other AWS resources with appropriate permissions. Objects in the second S3 bucket should be accessible only through CloudFront for all users except for the S3 bucket owner. How should a solutions architect configure access to the buckets to meet these requirements?
A
Create an IAM policy and an IAM role that allow access to the first S3 bucket. Assign the role to the CloudFront distribution and the other resources that need access to the first S3 bucket. Create an origin access identity (OAI) for the CloudFront distribution. Create an S3 bucket policy for the second S3 bucket that allows access only with the OAI as the principal.
B
Create a separate S3 bucket policy for each S3 bucket. Configure the policy for the first S3 bucket to allow read access to appropriate AWS resources and the CloudFront distribution as principals. Configure the policy for the second S3 bucket to allow only read access for the CloudFront distribution as the principal.
C
Create a separate origin access identity (OAI) for the CloudFront distribution for each S3 bucket. Configure the first OAI to include access for the other AWS resources. Configure the second OAI to include only CloudFront. Update the S3 bucket policies to restrict access to the correct OAIs.
D
Create a separate origin access identity (OAI) for the CloudFront distribution for each S3 bucket. Create an S3 bucket policy for the first S3 bucket that allows access to the appropriate AWS resources and the OAI as principals. Create an S3 bucket policy for the second S3 bucket that allows access to the appropriate OAI as the principal.