How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?

By:
In: DVA-C01
Tagged:
With: 1 Comment
A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website.The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?

Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.

Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.

Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Explanations:

Allowing anonymous access would expose the content to all users, which is the opposite of restricting access to paid subscribers.

A pre-signed URL provides temporary access to the content, ensuring that only authorized users with a valid link can download the file.

Requiring multi-factor authentication is not directly related to restricting access based on paid subscription status. It’s more relevant to securing AWS management actions rather than content access.

Server-side encryption protects the data at rest but does not control access based on subscription status. It is unrelated to restricting downloads to paid subscribers.

2025-10-04

1 Comment

  1. Andrew
    Author

    I plot that the answer is:
    Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.

Leave a Reply

Your email address will not be published. Required fields are marked *

16 − 2 =