A company is launching a web-based application in multiple regions around the world. The application consists of both static content stored in a private Amazon S3 bucket and dynamic content hosted in Amazon ECS containers content behind an Application Load Balancer (ALB) . The company requires that the static and dynamic application content be accessible through Amazon CloudFront only. Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choose three.)
A) Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the ALB.
B) Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the CloudFront distribution.
C) Configure CloudFront to add a custom header to origin requests.
D) Configure the ALB to add a custom header to HTTP requests.
E) Update the S3 bucket ACL to allow access from the CloudFront distribution only.
F) Create a CloudFront Origin Access Identity (OAI) and add it to the CloudFront distribution. Update the S3 bucket policy to allow access to the OAI only.
Correct Answer:
Verified
Q686: A solutions architect needs to advise a
Q687: A European online newspaper service hosts its
Q688: A solutions architect is designing a disaster
Q689: A solutions architect has implemented a SAML
Q690: A financial services company receives a regular
Q692: A mobile app has become very popular,
Q693: A company wants to improve cost awareness
Q694: A company has a media catalog with
Q695: A company is using multiple AWS accounts.
Q696: A company uses AWS Organizations with a
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents