What should a solutions architect do to securely meet these requirements?

By: study aws cloud

On: January 9, 2025

Tagged: Solutions Architect Associate

With: 0 Comments

A company delivers files in Amazon S3 to certain users who do not have AWS credentials.These users must be given access for a limited time.

What should a solutions architect do to securely meet these requirements?

Enable public access on an Amazon S3 bucket.

Generate a presigned URL to share with the users.

Encrypt files using AWS KMS and provide keys to the users.

Create and assign IAM roles that will grant GetObject permissions to the users.

Explanations:

Enabling public access on an Amazon S3 bucket is not secure and exposes files to all internet users.

Generating a presigned URL allows temporary, secure access to specific S3 objects without exposing credentials.

Encrypting files with AWS KMS does not provide direct access to users without AWS credentials; they would still need access to the decryption keys.

Creating IAM roles is not suitable for users without AWS credentials, as they need proper authentication to assume roles.

Previous Post: What should a database specialist do to remediate this issue?

Next Post: Which function will produce the desired output?

Leave a Reply Cancel reply