What should a solutions architect do to meet these requirements?

By:
In: SAA-C02
Tagged:
With: 2 Comments
A company sells datasets to customers who do research in artificial intelligence and machine learning (AI/ML).The datasets are large, formatted files that are stored in an Amazon S3 bucket in the us-east-1 Region.The company hosts a web application that the customers use to purchase access to a given dataset.The web application is deployed on multiple Amazon EC2 instances behind an Application Load Balancer.After a purchase is made, customers receive an S3 signedURL that allows access to the files.The customers are distributed across North America and Europe.The company wants to reduce the cost that is associated with data transfers and wants to maintain or improve performance.

What should a solutions architect do to meet these requirements?

Configure S3 Transfer Acceleration on the existing S3 bucket. Direct customer requests to the S3 Transfer Acceleration endpoint. Continue to use S3 signed URLs for access control.

Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

Set up a second S3 bucket in the eu-central-1 Region with S3 Cross-Region Replication between the buckets. Direct customer requests to the closest Region. Continue to use S3 signed URLs for access control.

Modify the web application to enable streaming of the datasets to end users. Configure the web application to read the data from the existing S3 bucket. Implement access control directly in the application.

Explanations:

While S3 Transfer Acceleration can speed up uploads and downloads by using the Amazon CloudFront edge network, it does not reduce costs significantly for data transfers since it incurs additional charges. Additionally, it does not improve performance for customers in Europe compared to using a regional solution like CloudFront.

Deploying a CloudFront distribution with the S3 bucket as the origin optimizes data delivery by caching content at edge locations closer to customers. This setup reduces latency and data transfer costs by leveraging CloudFront’s global network, while allowing for the use of signed URLs for access control, maintaining security.

Setting up a second S3 bucket in a different region with Cross-Region Replication would improve access speeds for European customers but could increase costs due to additional data transfer charges between regions. It also complicates access management since two buckets would need to be managed. Using CloudFront is more efficient for caching and access control.

Modifying the web application to stream data directly from S3 does not effectively reduce costs associated with data transfers, nor does it improve performance as well as utilizing a CDN like CloudFront would. Furthermore, implementing access control directly in the application may expose it to additional security risks.

2026-03-31

2 Comments

  1. Amanda
    Author

    As far as I’m aware, the answer is:
    Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

  2. Paul
    Author

    I appraise that the answer is:
    Deploy an Amazon CloudFront distribution with the existing S3 bucket as the origin. Direct customer requests to the CloudFront URL. Switch to CloudFront signed URLs for access control.

Leave a Reply

Your email address will not be published. Required fields are marked *

6 − 5 =