
Answer-first summary for fast verification
Answer: Assign an EC2 instance profile with a policy granting least privilege access to the S3 bucket. Integrate the S3 GeneratePresignedUrl API to provide time-limited, secure access to objects for authenticated users.
Option A and Option C are the correct answers. Assigning an EC2 instance profile whose role carries an appropriate policy (Option A) keeps permissions tightly controlled and follows the principle of least privilege. It also removes the need to store long-term credentials on the EC2 instances, which improves security. Using the S3 GeneratePresignedUrl API (Option C) lets the application generate temporary URLs that grant time-limited access to S3 objects. Because the application issues these URLs to authenticated users, only those users can access the objects, and the bucket stays private.
Author: LeetQuiz Editorial Team
An application on EC2 instances uses an S3 bucket for object storage and retrieval. After S3 Block Public Access is enabled, users face download issues. To securely allow only authenticated users access to S3 objects, which two measures should be implemented?
A. Assign an EC2 instance profile with a policy granting least privilege access to the S3 bucket.
B. Deploy IAM user credentials on EC2 instances for S3 access.
C. Integrate the S3 GeneratePresignedUrl API to provide time-limited, secure access to objects for authenticated users.
D. Utilize the S3 GetObject API to directly handle object retrieval for users.
E. Reconfigure the application to proxy S3 requests, managing additional security considerations.