How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?
Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.
Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.
Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.
Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.
Explanations:
Allowing anonymous access would expose the content to all users, which is the opposite of restricting access to paid subscribers.
A pre-signed URL provides temporary access to the content, ensuring that only authorized users with a valid link can download the file.
Requiring multi-factor authentication is not directly related to restricting access based on paid subscription status. It’s more relevant to securing AWS management actions rather than content access.
Server-side encryption protects the data at rest but does not control access based on subscription status. It is unrelated to restricting downloads to paid subscribers.