Hi Joseph,
Thanks for the feedback.
The two options provided are independent of each other. Either one of them can be the solution to the problem.
Create a new S3 bucket in US West (N. California) region and upload the files. Use S3 pre-signed URLs to ensure that only their client can access the files. Remove permission to use Amazon S3 URLs to read the files for anyone else.
Use CloudFront signed URLs to ensure that only their client can access the files. Create an origin access identity (OAI) and give it permission to read the files in the bucket. Remove permission to use Amazon S3 URLs to read the files for anyone else.
Actually, you don’t have to create a new S3 bucket to use S3 pre-signed URLs. But since the other choices are all invalid in their own right, the ones left are these two options. And one of them is “Create a new S3 bucket in US West (N. California) region and upload the files. Use S3 pre-signed URLs to ensure that only their client can access the files. Remove permission to use Amazon S3 URLs to read the files for anyone else.”
You can just use the current S3 bucket and use pre-signed URLs. It’s not a requirement to create a new one. But it’s the only choice left that is valid.
Hope this helps.
Regards,
Kenneth Samonte @ Tutorials Dojo