Q50 — AWS SAA-C03 Ch.2

Question 50 of 65 | ← Chapter 2

Q115. A company is developing a file-sharing application that will use an Amazon S3 bucket for storage. The company wants to serve all the files through an Amazon CloudFront distribution. The company does not want the files to be accessible through direct navigation to the S3 URL. What should a solutions architect do to meet these requirements?

Correct Answer: D. Create an origin access identity (OAI) Assign the OAI to the CloudFront distribution. Configure the S3 bucket permissions so that only the OAI has read permission.