Answer-first summary for fast verification
Answer: Create an Origin Access Identity (OAI) for the CloudFront distribution and attach the necessary S3 bucket policy to allow access from the OAI.
To ensure secure access for the CloudFront distribution to the S3 bucket, you should create an Origin Access Identity (OAI) for the CloudFront distribution and attach the necessary S3 bucket policy to allow access from the OAI. This approach provides a secure and specific way to grant access to the S3 bucket from CloudFront without using excessive permissions or the root account. Option A provides excessive permissions, while options C and D are not recommended as they involve modifying bucket policies or using the root account, which can lead to security risks.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
Your company is implementing a new media storage solution using Amazon S3 and AWS CloudFront. You need to ensure that the CloudFront distribution has the necessary permissions to access the S3 bucket. Which of the following steps should you take to achieve this?
A
Create an IAM role with full access to all S3 buckets and assign it to the CloudFront distribution.
B
Create an Origin Access Identity (OAI) for the CloudFront distribution and attach the necessary S3 bucket policy to allow access from the OAI.
C
Modify the S3 bucket policy to allow access from the CloudFront service.
D
Use the root account credentials to configure the CloudFront distribution to access the S3 bucket.
No comments yet.