Q86 — AWS DVA-C02 Ch.1
Question 86 of 100 | ← Chapter 1
A company is moving sensitive files into a private Amazon S3 bucket with no public access permissions. The company wants to develop a serverless application that allows employees to log in and securely share files with other users. Which AWS feature should the company use to securely share and access files?
- A. Amazon Cognito User Pools
- B. S3 presigned URLs ✓
- C. S3 bucket policies
- D. Amazon Cognito Identity Pools
Correct Answer: B. S3 presigned URLs
Explanation
S3 presigned URLs (Option B) provide time-limited, secure access to specific objects in private S3 buckets without exposing the bucket publicly. They are ideal for controlled, temporary file sharing. Option A (User Pools) handles authentication but not direct file access delegation. Option C (bucket policies) defines broad bucket-level permissions but cannot grant per-object, time-bound access. Option D (Identity Pools) provides federated identity access to AWS services but is overkill for simple file sharing and lacks granular object-level control. Thus, B is the most appropriate and secure solution.