AWS Certified Solutions Architect – Associate (SAA-C02) — Question 45
An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.
What is the MOST secure way to do this?
Answer options
- A. Enable public read on the S3 object and provide the link to the vendor.
- B. Upload the file to Amazon WorkDocs and share the public link with the vendor.
- C. Generate a presigned URL and have the vendor download the log file before it expires.
- D. Create an IAM user for the vendor to provide access to the S3 bucket and the application. Enforce multi-factor authentication.
Correct answer: C
Explanation
The correct answer is C because a presigned URL provides secure, temporary access to the S3 object without exposing it publicly. Option A is incorrect because it compromises security by allowing public access. Option B does share the file, but it is less secure than C and does not offer the same level of access control. Option D, although secure, is more complex and may not be necessary for a temporary file share.