Answer-first summary for fast verification
Answer: Implementing a new origin access control in CloudFront, setting the distribution's origin to utilize this control, and adjusting the S3 bucket policy for CloudFront OAC with necessary permissions.
The correct answer is A. Origin Access Control (OAC) is the recommended way to ensure that an Amazon S3 bucket can only be accessed through an Amazon CloudFront distribution, preventing direct access to the S3 bucket. By creating a new OAC in CloudFront and configuring the CloudFront distribution to use this OAC, it ensures that all content is served exclusively through CloudFront. The S3 bucket policy then needs to be updated to allow the CloudFront OAC with the appropriate read (and possibly write) permissions to access Amazon S3 as the origin.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
How can a developer ensure that a publicly accessible enterprise website, hosted on Amazon S3 and served through Amazon CloudFront, prevents direct S3 bucket access and serves all content exclusively through CloudFront?
A
Implementing a new origin access control in CloudFront, setting the distribution's origin to utilize this control, and adjusting the S3 bucket policy for CloudFront OAC with necessary permissions.
B
Enabling block public access in the S3 bucket settings, configuring the CloudFront distribution with the S3 bucket as the origin, and updating the bucket policy for CloudFront access.
C
Enabling static website hosting in the S3 bucket settings, specifying index and error documents, and updating the CloudFront origin to point to the S3 bucket's website endpoint.
D
Configuring the CloudFront distribution's origin to include a custom header and updating the S3 bucket policy with conditions based on the aws:RequestTag/tag-key key, matching the custom header's value.