AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company hosts a marketing website in an on-premises data center. The website consists of static documents and runs on a single server. An administrator updates the website content infrequently and uses an SFTP client to upload new documents.

The company decides to host its website on AWS and to use Amazon CloudFront. The company's solutions architect creates a CloudFront distribution. The solutions architect must design the most cost-effective and resilient architecture for website hosting to serve as the CloudFront origin.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create a virtual server by using Amazon Lightsail. Configure the web server in the Lightsail instance. Upload website content by using an SFTP client.

Create an AWS Auto Scaling group for Amazon EC2 instances. Use an Application Load Balancer. Upload website content by using an SFTP client.

Create a private Amazon S3 bucket. Use an S3 bucket policy to allow access from a CloudFront origin access identity (OAI). Upload website content by using the AWS CLI.

Create a public Amazon S3 bucket. Configure AWS Transfer for SFTP. Configure the S3 bucket for website hosting. Upload website content by using the SFTP client.

Explanation:

Explanation

Correct Answer: C

Why Option C is the best solution:

Cost-effectiveness: Amazon S3 is highly cost-effective for static website hosting compared to compute instances (Lightsail or EC2). S3 charges are based on storage and requests, which is much cheaper than running servers 24/7.
Resilience: S3 provides 99.999999999% (11 9's) durability and 99.99% availability by default. It's a managed service with built-in redundancy across multiple Availability Zones.
Security: Using a private S3 bucket with CloudFront Origin Access Identity (OAI) ensures that content is only accessible through CloudFront, not directly from S3. This provides better security.
CloudFront integration: S3 is the recommended origin for CloudFront distributions serving static content.
AWS CLI upload: While the administrator currently uses SFTP, migrating to AWS CLI for infrequent updates is reasonable and provides better integration with AWS services.

Why other options are not optimal:

Option A (Lightsail): While Lightsail is simpler than EC2, it's still a compute instance that requires management and is more expensive than S3 for static content. It also lacks the built-in resilience of S3.
Option B (EC2 Auto Scaling + ALB): This is over-engineered and expensive for static content. EC2 instances require management, scaling, and load balancing, which is unnecessary for static websites.
Option D (Public S3 + Transfer for SFTP): Making the S3 bucket public is less secure than using a private bucket with OAI. AWS Transfer for SFTP adds unnecessary cost and complexity when AWS CLI can handle infrequent updates.

Key AWS Services Used:

Amazon S3: For highly durable, available, and cost-effective static website hosting
CloudFront: For content delivery with edge caching
Origin Access Identity (OAI): For secure access control between CloudFront and S3
AWS CLI: For content upload (can be scripted for automation)

This solution provides the most cost-effective and resilient architecture while maintaining security through proper access controls.

Powered ByGPT-5.2

Comments

Loading comments...