AWS Certified Developer – Associate (DVA-C02) — Question 298

A developer creates a static website for their department. The developer deploys the static assets for the website to an Amazon S3 bucket and serves the assets with Amazon CloudFront. The developer uses origin access control (OAC) on the CloudFront distribution to access the S3 bucket.

The developer notices users can access the root URL and specific pages but cannot access directories without specifying a file name. For example, /products/index.html works, but /products/ returns an error. The developer needs to enable accessing directories without specifying a file name without exposing the S3 bucket publicly.

Which solution will meet these requirements?

Answer options

• A. Update the CloudFront distribution's settings to index.html as the default root object is set.
• B. Update the Amazon S3 bucket settings and enable static website hosting. Specify index.html as the Index document. Update the S3 bucket policy to enable access. Update the CloudFront distribution's origin to use the S3 website endpoint.
• C. Create a CloudFront function that examines the request URL and appends index.html when directories are being accessed. Add the function as a viewer request CloudFront function to the CloudFront distribution's behavior.
• D. Create a custom error response on the CloudFront distribution with the HTTP error code set to the HTTP 404 Not Found response code and the response page path to /index.html. Set the HTTP response code to the HTTP 200 OK response code.

Correct answer: C

Explanation

CloudFront's default root object feature only works for the root URL, not for subdirectories. Using a CloudFront Function allows you to rewrite the request URL on the fly to append 'index.html' to subdirectory requests while maintaining S3 bucket privacy via Origin Access Control (OAC). Using the S3 website endpoint instead of OAC would require making the S3 bucket public, which violates the security requirement.