Which solution will meet these requirements with the MOST operational efficiency?
Create a new S3 bucket that is configured to host a public static website. Migrate the operations data to the new S3 bucket. Share the S3 website URL with the external consultant.
Enable public access to the S3 bucket for 7 days. Remove access to the S3 bucket when the external consultant completes the audit.
Create a new IAM user that has access to the report in the S3 bucket. Provide the access keys to the external consultant. Revoke the access keys after 7 days.
Generate a presigned URL that has the required access to the location of the report on the S3 bucket. Share the presigned URL with the external consultant.
Explanations:
Creating a new S3 bucket and making it publicly accessible is a security risk and unnecessary. The solution requires a more targeted approach to grant access to only the annual report without exposing the entire bucket.
Enabling public access to the S3 bucket for 7 days introduces potential security risks. It also allows the external consultant to access all data in the bucket, not just the report.
Creating an IAM user and providing access keys introduces unnecessary complexity and manual steps. Revoking access keys after 7 days could be error-prone and requires more management overhead.
A presigned URL grants time-limited, specific access to a single file, which meets the requirements. It is the most efficient and secure method as it does not require changing permissions or creating new users.