Domain 2.3: Security Controls — AWS SAP-C02 Practice Question 55

How to approach this question

Identify the mechanism to secure S3 origins behind CloudFront.

Full Answer

B.Configure Origin Access Control (OAC) in CloudFront and update the S3 bucket policy to allow access only from the CloudFront distribution.✓ Correct

Origin Access Control (OAC) is the modern, secure way to restrict S3 bucket access to only a specific CloudFront distribution. The S3 bucket policy is updated to allow 's3:GetObject' only when the condition matches the CloudFront ARN.

Common mistakes

Using the legacy OAI or trying to attach WAF to S3.

A company is using Amazon S3 to host a static website. They want to use Amazon CloudFront to distribute the content globally. They must ensure that users can ONLY access the content via CloudFront, and direct access to the S3 bucket URL is blocked. How should this be configured?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 2

More questions from this exam