ExpertAWS SAA-C03 · Question 13 · Domain 1.2: Secure Workloads
A company is hosting a static website on Amazon S3 distributed via Amazon CloudFront. The company wants to ensure that users can only access the website through the CloudFront distribution and cannot access the S3 bucket directly via its S3 URL. <br/><br/>What should the solutions architect configure to meet this requirement?
A company is hosting a static website on Amazon S3 distributed via Amazon CloudFront. The company wants to ensure that users can only access the website through the CloudFront distribution and cannot access the S3 bucket directly via its S3 URL. <br/><br/>What should the solutions architect configure to meet this requirement?
Answer options:
Configure Origin Access Control (OAC) on the CloudFront distribution and update the S3 bucket policy to allow access only from the CloudFront OAC.
Create an IAM role for CloudFront and attach it to the S3 bucket.
Configure the S3 bucket as a website endpoint and use a custom header in CloudFront to authenticate requests.
Place the S3 bucket in a private VPC subnet and use a VPC endpoint for CloudFront.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS SAA-C03 Practice Exam 4
65 questions · hints · full answers · grading