S3 Quiz
Your company is planning to store sensitive documents in a bucket in the Simple Storage service. They want to keep the documents as private but serve content only to select users based on a particular time frame. Which of the following can help you accomplish this?
A. Enable CORS for the S3 bucket
B. Use KMS and enable encryption for the files
C. Create pre-signed URL’s
D. Enable versioning for the S3 bucket
C. Create pre-signed URL’s
The AWS Documentation mentions the following
A pre-signed URL gives you access to the object identified in the URL, provided that the creator of the pre-signed URL has permissions to access that object. That is, if you receive a pre-signed URL to upload an object, you can upload the object only if the creator of the pre-signed URL has the necessary permissions to upload that object.
All objects and buckets by default are private. The pre-signed URLs are useful if you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions. When you create a pre-signed URL, you must provide your security credentials and then specify a bucket name, an object key, an HTTP method (PUT for uploading objects), and an expiration date and time. The pre-signed URLs are valid only for the specified duration.
Option A is incorrect since this is used for Cross origin access
Option B is incorrect since this is used for encryption purposes.
Option D is incorrect since this is used for versioning
For more information on pre-signed URL’s, please refer to the below URL
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html
