
AWS Certified Security - Specialty
A company operates a web server on the AWS Cloud and utilizes an Amazon S3 bucket to store its web content. To enhance content delivery speed and security, the company plans to deploy an Amazon CloudFront distribution. It is crucial that the content stored in the S3 bucket remains inaccessible to the public directly. What measures should be taken to ensure that the CloudFront distribution is the only entity able to access the S3 bucket content while maintaining security and performance?
Explanation:
The correct answer is B. The best way to ensure that the content in the S3 bucket is not directly accessible by the public while allowing CloudFront to access it is by using an Origin Access Control (OAC). By creating an OAC and associating it with the CloudFront distribution, you can configure the S3 bucket permissions so that only the OAC can access the files in the S3 bucket. This securely limits access to the files to only the CloudFront distribution. The other options either suggest improper methods or do not provide the same level of security and specificity as the OAC.