What is the MOST secure way to do this?

By:
In: SAA-C02
Tagged:
With: 1 Comment
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further.The log file is stored on Amazon S3 and is 10 GB in size.The application owner will make the log file available to the vendor for a limited time.

What is the MOST secure way to do this?

Enable public read on the S3 object and provide the link to the vendor.

Upload the file to Amazon WorkDocs and share the public link with the vendor.

Generate a presigned URL and have the vendor download the log file before it expires.

Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.

Explanations:

Enabling public read access to the S3 object exposes the file to anyone with the link, compromising security.

Sharing a public link via Amazon WorkDocs does not provide adequate security controls, as it can still be accessed by anyone with the link.

Generating a presigned URL allows secure, time-limited access to the S3 object, ensuring that only the vendor can download it before expiration.

While creating an IAM user with MFA increases security, it requires more overhead for user management and does not offer the same temporary access benefits as a presigned URL.

2025-09-29

1 Comment

  1. Frances
    Author

    If I’m not mistaken, the answer is:
    Generate a presigned URL and have the vendor download the log file before it expires.

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + four =