AWS Certified Solutions Architect – Associate (SAA-C02) — Question 308
A solutions architect is creating a new Amazon CloudFront distribution for an application. Some of the information submitted by users is sensitive. The application uses HTTPS but needs another layer of security. The sensitive information should be protected throughout the entire application stack, and access to the information should be restricted to certain applications.
Which action should the solutions architect take?
Answer options
- A. Configure a CloudFront signed URL.
- B. Configure a CloudFront signed cookie.
- C. Configure a CloudFront field-level encryption profile.
- D. Configure CloudFront and set the Origin Protocol Policy setting to HTTPS Only for the Viewer Protocol Policy.
Correct answer: A
Explanation
Using an Amazon CloudFront signed URL allows the application to restrict access to sensitive content so that only users or applications with a valid signed URL can access the resource. This provides the necessary additional layer of security across the application stack by ensuring unauthorized clients cannot request the data. Signed cookies are typically used for providing access to multiple restricted files, whereas signed URLs are preferred for individual files and specific application integration.