AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company utilizes an Amazon S3 bucket to store images for their website, which are served to end users through Amazon CloudFront. Recently, the company identified that these images are being accessed from countries without a distribution license. To address this security concern and restrict access to authorized regions, what two measures should the company implement?
Explanation:
Option A is correct because updating the S3 bucket policy to restrict access to a CloudFront origin access control (OAC) ensures that the objects in the S3 bucket can only be accessed through CloudFront, preventing direct access to the bucket from unauthorized regions. Option C is correct because adding a CloudFront geo restriction deny list of countries where the company lacks a license will block access to the images from those countries, effectively limiting distribution as intended. The combination of these two measures will reinforce security and ensure compliance with licensing restrictions.