A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL. What should a solutions architect do to meet these requirements?
A) Write individual policies for each S3 bucket to grant read permission for only CloudFront access.
B) Create an IAM user. Grant the user read permission to objects in the S3 bucket. Assign the user to CloudFront.
C) Write an S3 bucket policy that assigns the CloudFront distribution ID as the Principal and assigns the target S3 bucket as the Amazon Resource Name (ARN).
D) Create an origin access identity (OAI). Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.
Correct Answer:
Verified