Which action should the solutions architect take?
Configure a CloudFront signed URL
Configure a CloudFront signed cookie.
Configure a CloudFront field-level encryption profile.
Configure a CloudFront and set the Origin Protocol Policy setting to HTTPS. Only for the Viewer Protocol Pokey.
Explanations:
A CloudFront signed URL is primarily used to restrict access to specific content by generating time-limited URLs. While it provides access control, it does not offer an additional layer of encryption for sensitive information.
A CloudFront signed cookie allows users to access multiple restricted files without the need for individual signed URLs. However, like signed URLs, it does not encrypt sensitive data in transit or provide field-level encryption.
Configuring a CloudFront field-level encryption profile enables you to encrypt sensitive data at the request level before it reaches the origin. This adds an additional layer of security, ensuring that sensitive information is protected throughout the application stack.
Setting the Origin Protocol Policy to HTTPS ensures that communication between CloudFront and the origin server is encrypted. However, it does not encrypt sensitive data at the field level, which is necessary for additional security.
I plot that the answer is:
Configure a CloudFront field-level encryption profile.
I outline that the answer is:
Configure a CloudFront field-level encryption profile.