Which features can be used to restrict access to data in S3? Choose 2 answers
A.
Set an S3 ACL on the bucket or the object.
B.
Create a CloudFront distribution for the bucket.
C.
Set an S3 bucket policy.
D.
Enable IAM Identity Federation
E.
Use S3 Virtual Hosting
Explanation:
Amazon S3 is secure by default. Only the bucket and object owners originally have access to
Amazon S3 resources they create. Amazon S3 supports user authentication to control access
to data. You can use access control mechanisms such as bucket policies and Access Control
Lists (ACLs) to selectively grant permissions to users and groups of users. You can securely
upload/download your data to Amazon S3 via SSL endpoints using the HTTPS protocol. If
you need extra security you can use the Server Side Encryption (SSE) option or the Server
Side Encryption with Customer-Provide Keys (SSE-C) option to encrypt data stored-at-rest.
Amazon S3 provides the encryption technology for both SSE and SSE-C. Alternatively you
can use your own encryption libraries to encrypt data before storing it in Amazon S3.
https://aws.amazon.com/s3/faqs/