← AWS Certified Advanced Networking Specialty (ANS-C01)

Free Preview

Question 1 of 5

A company hosts a static website in an Amazon S3 bucket and uses Amazon CloudFront to deliver content globally. The security team requires that users cannot access the S3 bucket directly through S3 URLs — all requests must be routed through CloudFront. Which configuration achieves this requirement with the least operational overhead?

Configure an Origin Access Identity (OAI) and attach it to the CloudFront distribution Configure Origin Access Control (OAC) on the CloudFront distribution and update the S3 bucket policy to allow access only from the CloudFront service principal Enable public read access on the S3 bucket and configure CloudFront to cache all responses Add an S3 bucket policy that restricts access to the CloudFront IP address ranges using aws:SourceIp conditions

This is a free preview. Create an account to access all 340 questions.

Free Preview

We use cookies

Cookie Settings

Essential Cookies Always Active

Analytics Cookies

Advertising Cookies