AWS Certified Developer – Associate (DVA-C02) — Question 221

A company is hosting a workshop for external users and wants to share the reference documents with the external users for 7 days. The company stores the reference documents in an Amazon S3 bucket that the company owns.

What is the MOST secure way to share the documents with the external users?

Answer options

• A. Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days.
• B. Move the documents to an Amazon WorkDocs folder. Share the links of the WorkDocs folder with the external users.
• C. Create temporary IAM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the credentials after 7 days.
• D. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users.

Correct answer: A

Explanation

The most secure method to share the documents is by using S3 presigned URLs, as they allow controlled access with a specified expiration time and do not expose AWS credentials. Option B does not provide the same level of security and control as presigned URLs, while Option C unnecessarily creates temporary IAM users, which is more complex and could lead to security issues if not managed properly. Option D also lacks the direct access control and simplicity offered by presigned URLs.