Explanation:
A presigned URL gives users temporary access to a specific S3 object without requiring them to have an AWS account or IAM permissions. This is the most operationally efficient way to share private content with external parties. Options B and C require AWS account management, and Option A alone is insufficient without providing a method of authentication or access to the private bucket.
Ultimate access to all questions.
Question 32. A SysOps administrator wants to securely share an object from a private Amazon S3 bucket with a group of users who do not have an AWS account. What is the MOST operationally efficient solution that will meet this requirement?
A
Attach an S3 bucket policy that only allows object downloads from the users' IP addresses.
B
Create an IAM role that has access to the object. Instruct the users to assume the role.
C
Create an IAM user that has access to the object. Share the credentials with the users.
D
Generate a presigned URL for the object. Share the URL with the users.
E
None of the above
F
None of the above
No comments yet.