You are building a system to distribute confidential training videos to employees. Using CloudFront, what
method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
A.
Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to
that OAI.
B.
Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
C.
Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in
your S3 bucket to that IAM User.
D.
Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as
the Amazon Resource Name (ARN).
Ref – https://markosrendell.wordpress.com/2013/12/12/aws-certified-solutions-architect-sample-questions-answered-and-discussed/
Correct answer – A
A. https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html
A
A