Another Confusing Question: It used to work
Carlo-TutorialsDojo updated 8 months, 1 week ago · 2 Members · 2 Posts
36. Question
A financial company is building a new online document portal system that allows its employees and developers to upload yearly and bi-annual corporate earnings report files to a private S3 bucket in which other confidential corporate files will also be stored. You are working as a Solutions Architect and you were instructed to create the private S3 bucket as well as the IAM users for the application developers to start their work. You assigned the required policies in IAM to the developers that allow them read and write access to the S3 bucket. After a few weeks, they have completed the new online portal and hosted it on a fleet of Spot EC2 instances. One of the application developers created a pre-signed URL that points to the correct S3 bucket and, after some testing, he has successfully uploaded the files from his laptop using the generated URL. He then made the necessary code change to the online portal to generate the pre-signed URL to upload the files in S3. However, after a few days, the development team complained that they cannot upload the files anymore using the online portal.
Which of the following options are valid reasons for this behavior? (Select TWO.)
– The application developers do not have access to either read or upload objects to the S3 bucket.
– The ACL of the S3 bucket blocks the online portal and prevents the developers from uploading any files.
– There was a recent change in the S3 bucket that allows object versioning which invalidates all presigned URLs.
– The expiration date of the pre-signed URL is incorrectly set to expire too quickly and thus, may have already expired when they used it.
– The required AWS credentials in the ~/.aws/credentials configuration file located on the EC2 instances of the online portal is missing and hence, it does not generate the pre-signed URL properly.
Incorrect
In this scenario, the main issue is that the online portal cannot upload files to the S3 bucket but the application developers can successfully upload files on their laptops. Take note that in this scenario, the online portal is deployed to a group of EC2 instances and it was not mentioned that you attached an IAM Role to these instances nor added security credentials in the ~/.aws/credentials configuration file.
With all of these data in mind, we can deduce that the online portal is generating pre-signed URLs that are set to have an overly tight expiration date which causes the issue. In addition, there might be no security credentials added in the EC2 instances that host the online portal considering that it is not mentioned in the scenario. Remember that this is required to properly generate the pre-signed URLs.
Therefore, the correct answers are:
– The expiration date of the pre-signed URL is incorrectly set to expire too quickly and thus, may have already expired when they used it.
– The required AWS credentials in the ~/.aws/credentials configuration file located on the EC2 instances of the online portal is missing and hence, it does not generate the pre-signed URL properly.
The last sentence of the question states “However, after a few days, the development team complained that they cannot upload the files anymore using the online portal.” If this is the case, then the “/credentials configuration” file had to be modified or removed.
Very confusing the way it is worded.
-
Hello Stresco,
Thank you for pointing this one out.
The statement, “However, after a few days, the development team complained that they could not upload the files anymore using the online portal,” implies that the team initially succeeded in uploading files through the portal. This suggests that the credentials were properly configured at the get-go. Following updates to the portal’s code, it’s possible that the credentials were misconfigured, leading to their modification or deletion.
With this said, we acknowledge that the wording could have been clearer to avoid confusion. We’ll make the necessary changes to improve this question.
Please let us know if you need further clarification.
Regards,
Carlo @ Tutorials Dojo
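A diagnostic for the two failure modes discussed in this thread (a pre-signed URL whose lifetime is too short, and signing credentials that changed or went missing), as an added example that is not part of the original posts or of Tutorials Dojo's material. It reads the standard SigV4 query parameters of a pre-signed URL; the bucket, object key and signature in the sample are constructed placeholders, and `diagnose_presigned_url` is a hypothetical helper name.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

REQUIRED = ("X-Amz-Credential", "X-Amz-Date", "X-Amz-Expires", "X-Amz-Signature")

def diagnose_presigned_url(url, now=None):
    """Report, from the URL alone, whether a SigV4 pre-signed URL is still usable."""
    now = now or datetime.now(timezone.utc)
    params = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    missing = [name for name in REQUIRED if name not in params]
    if missing:
        # Not a SigV4 pre-signed URL: nothing in it authorises the request.
        return {"status": "unsigned", "missing": missing}
    signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    lifetime = int(params["X-Amz-Expires"])  # seconds, counted from X-Amz-Date
    expires_at = signed_at + timedelta(seconds=lifetime)
    # Credential scope: <access-key-id>/<yyyymmdd>/<region>/<service>/aws4_request
    access_key_id, _, region, _, _ = params["X-Amz-Credential"].split("/")
    return {
        "status": "expired" if now >= expires_at else "valid",
        "lifetime_seconds": lifetime,
        "expires_at": expires_at,
        "seconds_left": max(0, int((expires_at - now).total_seconds())),
        # Shows which identity signed the URL (laptop user vs. portal instance).
        "access_key_id": access_key_id,
        "region": region,
        # A session token means temporary credentials (e.g. an instance role); the
        # URL also stops working when that session ends, whatever X-Amz-Expires says.
        "temporary_credentials": "X-Amz-Security-Token" in params,
    }

# Constructed sample: placeholder bucket, key and signature; the access key ID is
# the example value used in AWS documentation.
BASE = "https://example-bucket.s3.us-east-1.amazonaws.com/reports/q4.pdf"
SAMPLE = (
    BASE + "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE%2F20240102%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Date=20240102T090000Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host"
    "&X-Amz-Signature=" + "0" * 64
)

if __name__ == "__main__":
    for second in (30, 90):  # 30 s and 90 s after the URL was signed
        at = datetime(2024, 1, 2, 9, 0, tzinfo=timezone.utc) + timedelta(seconds=second)
        print(second, diagnose_presigned_url(SAMPLE, now=at))
    print(diagnose_presigned_url(BASE))
```

Comparing `access_key_id` and `temporary_credentials` between a URL generated on the laptop and one generated by the portal shows whether the two are signing with the same identity.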