
Answer-first summary for fast verification
Answer: Implement OAI for CloudFront and S3 to limit bucket access and activate AWS WAF on the CloudFront distribution.
The correct answer is D. To meet the requirements, the solutions architect must use Amazon CloudFront and configure an origin access identity (OAI) to restrict direct access to the S3 bucket. This ensures that requests for the content are funneled through CloudFront. Additionally, AWS WAF can be associated with the CloudFront distribution to inspect all incoming traffic as specified by the security policy. The other options do not fully meet the requirement of inspecting all traffic with AWS WAF and securing access to the S3 bucket.
Author: LeetQuiz Editorial Team
How can a solutions architect ensure that a static website hosted on Amazon S3 with Amazon CloudFront as the CDN complies with a company policy requiring AWS WAF inspection for all traffic?
A. Set an S3 bucket policy to accept only AWS WAF ARN requests.
B. Direct CloudFront to send all requests to AWS WAF prior to fetching content from S3.
C. Establish a security group for S3 to allow access from CloudFront IPs and link AWS WAF to CloudFront.
D. Implement OAI for CloudFront and S3 to limit bucket access and activate AWS WAF on the CloudFront distribution.