Answer: Signed URLs, JSON Web Token (JWT)

## Explanation **Correct Answers: B (Signed URLs) and D (JSON Web Token (JWT))** ### Why these options are correct: 1. **Signed URLs (Option B)**: - Signed URLs are perfect for users who cannot change hardcoded URLs because the signature is embedded directly in the URL itself - Users with custom HTTP clients that don't support cookies can still use signed URLs since they're just URLs with query parameters - The URL contains all the authentication information in the query string, so no cookies are required 2. **JSON Web Token (JWT) (Option D)**: - JWT can be passed in the Authorization header or as a query parameter, making it compatible with custom HTTP clients - JWT tokens can be validated by CloudFront using Lambda@Edge functions - This provides fine-grained access control without requiring cookie support ### Why other options are incorrect: - **A (Signed cookies)**: This requires cookie support in the HTTP client, which the custom clients don't have - **C (AWS AppSync)**: This is a GraphQL service for building APIs, not designed for securing CloudFront content delivery - **E (AWS Secrets Manager)**: This is for managing secrets like database credentials, not for securing CloudFront content access ### Key considerations for the solution: 1. **For users with custom HTTP clients without cookie support**: Both signed URLs and JWT work because they don't rely on cookies 2. **For users unable to change hardcoded URLs**: Signed URLs can be pre-generated and distributed, while JWT tokens can be added as query parameters to existing URLs 3. **Least impact to users**: Both solutions work with existing infrastructure without requiring client-side changes to support cookies **Implementation approach**: - Use CloudFront signed URLs for time-limited access to specific content - Use JWT with Lambda@Edge for more complex authorization logic and user-specific access control - Both methods can be combined for different user groups based on their capabilities

Author: LeetQuiz Editorial Team