AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company uses AWS and sells access to copyrighted images. The company's global customer base needs to be able to access these images quickly. The company must deny access to users from specific countries. The company wants to minimize costs as much as possible.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Use Amazon S3 to store the images. Turn on multi-factor authentication (MFA) and public bucket access. Provide customers with a link to the S3 bucket.
B
Use Amazon S3 to store the images. Create an IAM user for each customer. Add the users to a group that has permission to access the S3 bucket.
C
Use Amazon EC2 instances that are behind Application Load Balancers (ALBs) to store the images. Deploy the instances only in the countries the company services. Provide customers with links to the ALBs for their specific country's instances.
D
Use Amazon S3 to store the images. Use Amazon CloudFront to distribute the images with geographic restrictions. Provide a signed URL for each customer to access the data in CloudFront.
Explanation:
Explanation
Option D is the correct solution because it meets all the requirements:
-
Fast global access: Amazon CloudFront is a Content Delivery Network (CDN) that caches content at edge locations worldwide, providing low-latency access to customers globally.
-
Geographic restrictions: CloudFront supports geographic restrictions (geo-blocking) that allow you to deny access to users from specific countries based on their IP addresses.
-
Secure access control: Signed URLs provide time-limited, secure access to copyrighted images, ensuring only paying customers can access the content.
-
Cost optimization: Using S3 for storage and CloudFront for distribution is a cost-effective solution compared to running EC2 instances globally. CloudFront also reduces data transfer costs from S3.
Why the other options are incorrect:
-
Option A: Public bucket access with MFA doesn't provide geographic restrictions or secure customer-specific access. Anyone with the link could access the images.
-
Option B: Creating IAM users for each customer doesn't scale well for a global customer base and doesn't provide geographic restrictions. It's also more complex to manage.
-
Option C: Deploying EC2 instances in multiple countries is expensive and complex to manage. It doesn't provide a centralized solution for geographic restrictions and would require separate infrastructure in each country.
Key AWS Services Used:
- Amazon S3: For durable, scalable object storage
- Amazon CloudFront: For global content delivery with geographic restrictions
- Signed URLs: For secure, time-limited access control
Comments
Loading comments...