Answer-first summary for fast verification
Answer: Generate an origin access identity, apply it to CloudFront, and restrict S3 bucket permissions to the identity only.
The correct answer is D. Creating an origin access identity (OAI) and assigning it to the CloudFront distribution is the recommended approach. This ensures that only CloudFront can access the files in the S3 bucket. By configuring the S3 bucket permissions so that only the OAI has read permissions, you prevent direct access to the files via the S3 URL, thus serving the files only through CloudFront.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
For a file-sharing application using Amazon S3 and Amazon CloudFront, how should a solutions architect configure access to prevent direct S3 URL access while allowing CloudFront to serve files?
A
Implement bucket policies granting CloudFront-specific read access.
B
Create an IAM user with S3 read permissions and integrate with CloudFront.
C
Utilize a bucket policy with CloudFront's distribution ID as the Principal and the S3 bucket ARN.
D
Generate an origin access identity, apply it to CloudFront, and restrict S3 bucket permissions to the identity only.
No comments yet.