Which solution will meet these requirements?
Migrate the file server to an Amazon EC2 instance in a public subnet. Configure the security group to limit inbound traffic to the employees’ IP addresses.
Migrate the files to an Amazon FSx for Windows File Server file system. Integrate the Amazon FSx file system with the on-premises Active Directory. Configure AWS Client VPN.
Migrate the files to Amazon S3, and create a private VPC endpoint. Create a signed URL to allow download.
Migrate the files to Amazon S3, and create a public VPC endpoint. Allow employees to sign on with AWS IAM Identity Center (AWS Single Sign-On).
Explanations:
Migrating the file server to an Amazon EC2 instance in a public subnet exposes it to the internet, which can compromise security. Limiting inbound traffic by IP addresses does not provide robust security for confidential files, as it does not ensure encryption or proper user authentication.
Migrating to Amazon FSx for Windows File Server allows for seamless integration with on-premises Active Directory for user authentication. AWS Client VPN can be configured to provide secure remote access to the file system, ensuring only authorized users can access the files. This setup meets the requirements for secure access and file downloading.
Migrating files to Amazon S3 with a private VPC endpoint allows for secure access but does not provide the same level of file system features as FSx. While signed URLs can provide temporary access to files, they do not enforce user authentication against Active Directory, which is crucial for sensitive files.
Migrating to Amazon S3 with a public VPC endpoint exposes the files to the internet. Although AWS IAM Identity Center can manage user access, the use of a public endpoint and S3’s nature as an object store do not align with the requirement for secure access to sensitive files, particularly in terms of traditional file system capabilities.