Practice Test 2 | AWS Certified Solutions Architect Associate | SAA-C03 | Dumps | Mock Test
It is expected that only certain specified customers can upload images to the S3 bucket for a certain period of time. As an architect what is your suggestion?
A. Create a secondary S3 bucket. Then, use an AWS Lambda to sync the contents to the primary bucket.
B. Use Pre-Signed URLs instead to upload the images.
C. Use ECS Containers to upload the images.
D. Upload the images to SQS and then push them to the S3 bucket.
Explanation:
Answer – B
The S3 bucket owner can create Pre-Signed URLs to upload the images to S3.
-
- For more information on Pre-Signed URLs, please refer to the URL below.
- Option A is not the correct for this question. Since Amazon has provided us with an inbuilt function for this requirement, using this option is cost expensive and time-consuming. As a Solution Architect, you are supposed to pick the best and cost-effective solution.
- Option C is incorrect. ECS is a highly scalable, fast, container management service that makes it easy to run, stop, and manage Docker containers on a cluster.
- Option D is incorrect. SQS is a message queue service used by distributed applications to exchange messages through a polling model and not through a push mechanism.
Note:
This question is basically based on the scenario where we can use pre-signed url.
You need to understand about pre-signed url – which contains the user login credentials particular resources, such as S3 in this scenario. And user must have permission enabled that other application can use the credential to upload the data (images) in S3 buckets.
AWS definition:
“A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. That is, if you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.
All objects and buckets by default are private. The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions. When you create a pre-signed URL, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The pre-signed URLs are valid only for the specified duration.”
- Please check the below link to know more about it.
Hence, option B will solve the concern mentioned in the question.
Comments are closed, but trackbacks and pingbacks are open.