Which solution will meet these requirements?
Generate and provide S3 signed cookies to premium customers.
Generate and provide CloudFront signed URLs to premium customers.
Use origin access control (OAC) to limit the access of non-premium customers.
Generate and activate field-level encryption to block non-premium customers.
Explanations:
S3 signed cookies are not suitable for granting access to CloudFront content. They are used for securing S3 objects directly and do not integrate well with CloudFront for streaming media, which requires URL-based access.
CloudFront signed URLs allow the company to securely provide access to premium content. They can be generated with specific expiration times, which is ideal for on-demand content like rentals. This ensures that only premium customers can access the media streams and files.
Origin access control (OAC) is designed to restrict access to the S3 bucket from CloudFront, but it does not provide a mechanism to limit access based on user types (premium vs. non-premium customers). It does not address the requirement of selectively granting access to specific users.
Field-level encryption is used to protect sensitive data in the payloads, but it does not control access to content based on user type. It does not prevent non-premium customers from accessing media streams or files; it only encrypts data for transmission.