What should a solutions architect recommend to meet these requirements?
Publish content to a public Amazon S3 bucket. Use AWS Key Management Service (AWS KMS) keys to stream content.
Set up IPsec VPN between the mobile app and the AWS environment to stream content.
Use Amazon CloudFront. Provide signed URLs to stream content.
Set up AWS Client VPN between the mobile app and the AWS environment to stream content.
Explanations:
A public S3 bucket exposes the content to anyone, which is not suitable for authorized access. Additionally, AWS KMS is typically used for encryption, not for streaming content.
IPsec VPN is used for securely connecting networks, not for content streaming. It would introduce unnecessary complexity and overhead for mobile app users.
Amazon CloudFront is a content delivery network (CDN) that can securely deliver content to users. Signed URLs ensure only authorized users can access the content. This meets the requirement of streaming to authorized users.
AWS Client VPN is designed for establishing secure network connections for users or devices, not for streaming content. It is unnecessary for delivering video or other media over the internet.