AWS Certified SysOps Administrator SOA-C01 – Question321

You have private video content in S3 that you want to serve to subscribed users on the Internet. User IDs, credentials, and subscriptions are stored in an Amazon RDS database. Which configuration will allow you to securely serve private content to your users?

A.
Generate pre-signed URLs for each user as they request access to protected S3 content
B. Create an IAM user for each subscribed user and assign the GetObject permission to each IAM user
C. Create an S3 bucket policy that limits access to your private content to only your subscribed users' credentials
D. Create a CloudFront Origin Identity user for your subscribed users and assign the GetObject permission to this user

Correct Answer: A

Explanation:

Explanation:
“You can optionally secure the content in your Amazon S3 bucket so users can access it through CloudFront but cannot access it directly by using Amazon S3 URLs. This prevents anyone from bypassing CloudFront and using the Amazon S3 URL to get content that you want to restrict access to. This step isn’t required to use signed URLs, but we recommend it.”
Reference:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/P…