AWS Certified Developer – Associate — Question 167

A company has an Amazon S3 bucket containing premier content that it intends to make available to only paid subscribers of its website. The S3 bucket currently has default permissions of all objects being private to prevent inadvertent exposure of the premier content to non-paying website visitors.

How can the company limit the ability to download a premier content file in the S3 bucket to paid subscribers only?

Answer options

• A. Apply a bucket policy that allows anonymous users to download the content from the S3 bucket.
• B. Generate a pre-signed object URL for the premier content file when a paid subscriber requests a download.
• C. Add a bucket policy that requires multi-factor authentication for requests to access the S3 bucket objects.
• D. Enable server-side encryption on the S3 bucket for data protection against the non-paying website visitors.

Correct answer: B

Explanation

The correct answer is B because generating a pre-signed URL allows access to the premier content file for a limited time, ensuring that only paid subscribers can download it. Option A is incorrect as allowing anonymous users would expose the content to everyone. Option C, while enhancing security, does not directly limit access to paid subscribers. Option D focuses on encryption, which does not control access permissions.