AWS Certified Developer – Associate — Question 122
An application stores financial statements in an Amazon S3 bucket. A recent security audit found that the bucket does not comply with company standards. Currently, several IAM policies allow encrypted calls and unencrypted calls to the bucket. The company needs to create a bucket policy that forces all requests to the bucket to use encrypted connections.
Which solution will meet this requirement?
Answer options
- A. Add a bucket policy with a condition of "aws:SecureTransport": "true" and an effect of "Allow."
- B. Add a bucket policy with a resource of "arn:aws:s3:::https/bucketname" and an effect of "Allow."
- C. Add a bucket policy with a condition of "aws:SecureTransport": "false" and an effect of "Deny."
- D. Add a bucket policy with a resource of "arn:aws:s3:::http/bucketname" and an effect of "Deny."
Correct answer: C
Explanation
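The correct answer is C. A Deny statement with the condition "aws:SecureTransport": "false" rejects every request that does not use an encrypted connection, and because an explicit Deny overrides any Allow, it takes effect even though the existing IAM policies permit unencrypted calls. Option A allows encrypted requests but does not prevent unencrypted access, since those IAM policies still allow it. Option B is incorrectly formatted and does not apply to the requirement: a resource ARN identifies the bucket and its objects, not the protocol of the request. Option D specifies the resource incorrectly in the same way and does not use a condition that requires encryption.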