Q21 — AWS DVA-C02 Ch.2
Question 21 of 100 | ← Chapter 2
A company needs to distribute firmware updates to its global customers. Which service will allow the company to control access to downloads in the most cost-effective, scalable, and secure manner?
- A. Use Amazon CloudFront with Amazon S3 signed URLs. ✓
- B. Create a dedicated Amazon CloudFront distribution for each customer.
- C. Use Amazon CloudFront with AWS Lambda@Edge.
- D. Use Amazon API Gateway and AWS Lambda to control access to the S3 bucket.
Correct Answer: A. Use Amazon CloudFront with Amazon S3 signed URLs.
Explanation
Option A recommends using Amazon CloudFront with Amazon S3 signed URLs. Signed URLs enable fine-grained, secure access control to resources in Amazon S3, allowing time-limited and permission-restricted downloads. This approach provides low-cost, globally distributed delivery while ensuring only authorized users can download firmware. Option B introduces unnecessary complexity and cost by requiring a separate CloudFront distribution per customer. Option C, while Lambda@Edge extends CloudFront functionality, is overkill here—signed URLs are simpler and more direct. Option D is viable but adds operational overhead compared to the native, lightweight signed URL mechanism.