AWS Certified Developer – Associate — Question 91

A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.

How can the developer meet these requirements?

Answer options

• A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.
• B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.
• C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.
• D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.

Correct answer: B

Explanation

The correct answer is B because generating a presigned URL allows authenticated users to access specific documents for a defined period, in this case, 15 minutes. Option A does not address the secure access requirement, while C only provides encryption and HTTPS without controlling access duration. Option D would be cumbersome to manage and does not provide a secure access mechanism within the required time frame.