AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company's application generates reports and stores them in an Amazon S3 bucket. When users access their reports, the application creates signed URLs for downloading. The security team found that these files are publicly accessible without authentication, leading the company to halt new report generation until the issue is fixed. What measures can be taken to immediately address this security vulnerability without disrupting the application's usual operations?
Explanation:
The correct answer to this question is D: 'Utilize Amazon S3's Block Public Access feature to set the IgnorePublicAcls option to TRUE, thereby blocking public access to the bucket.' This feature specifically addresses the issue of public access granted through ACLs, without affecting the usual workflows of the application. By enabling the IgnorePublicAcls setting, you can immediately prevent unauthorized public access to the objects in the bucket while still allowing necessary operations within your application. This approach provides an immediate and secure remediation to the problem found by the company's security team.