Which of the following would be the LEAST complicated implementation?
Use an Amazon CloudFront distribution with an origin access identity (OAI). Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design a Lambda function to remove data that is older than 14 days.
Use an S3 bucket and provide direct access to the file. Design the application to track purchases in a DynamoDB table. Configure a Lambda function to remove data that is older than 14 days based on a query to Amazon DynamoDB.
Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 14 days for the URL.
Use an Amazon CloudFront distribution with an OAI. Configure the distribution with an Amazon S3 origin to provide access to the file through signed URLs. Design the application to set an expiration of 60 minutes for the URL and recreate the URL as necessary.
Explanations:
While using CloudFront and signed URLs is a good approach, implementing a Lambda function to remove data based on age adds unnecessary complexity for this requirement. Managing URL expiration directly would be simpler.
Providing direct access to S3 files without using signed URLs poses a security risk, as it allows anyone with the link to access the content indefinitely. This approach also complicates access management.
This option uses CloudFront with signed URLs, which is secure and appropriate for access control. Setting the URL expiration to 14 days directly aligns with the requirement, making it the least complicated and most effective solution.
While this option employs CloudFront and signed URLs, the 60-minute expiration requires constant URL regeneration, which complicates the implementation unnecessarily compared to a 14-day expiration approach.