AWS Certified Developer – Associate — Question 78

A company is hosting a workshop for external users and wants to share the reference documents with the external users for 7 days. The company stores the reference documents in an Amazon S3 bucket that the company owns.

What is the MOST secure way to share the documents with the external users?

Answer options

• A. Use S3 presigned URLs to share the documents with the external users. Set an expiration time of 7 days.
• B. Move the documents to an Amazon WorkDocs folder Share the links of the WorkDocs folder with the external users.
• C. Create temporary IAM users that have read-only access to the S3 bucket. Share the access keys with the external users. Expire the credentials after 7 days.
• D. Create a role that has read-only access to the S3 bucket. Share the Amazon Resource Name (ARN) of this role with the external users.

Correct answer: A

Explanation

Using S3 presigned URLs is the most secure method because it allows for time-limited access to the specific documents without exposing the entire bucket or creating additional user accounts. The other options either involve unnecessary complexity, such as creating IAM users or roles, or do not offer the same level of granularity and security as presigned URLs with expiration settings.