AWS Certified Solutions Architect – Associate (SAA-C02) — Question 79

A company delivers files in Amazon S3 to certain users who do not have AWS credentials. These users must be given access for a limited time. What should a solutions architect do to securely meet these requirements?

Answer options

• A. Enable public access on an Amazon S3 bucket.
• B. Generate a presigned URL to share with the users.
• C. Encrypt files using AWS KMS and provide keys to the users.
• D. Create and assign IAM roles that will grant GetObject permissions to the users.

Correct answer: B

Explanation

Generating a presigned URL allows users without AWS credentials to access the files in Amazon S3 temporarily and securely, as it includes authentication information and a specified expiration time. Enabling public access compromises security, while encrypting files with AWS KMS doesn't address access for users without credentials. Creating IAM roles is unnecessary for users without AWS accounts, as they cannot assume the roles.