AWS Certified Solutions Architect – Associate (SAA-C03) — Question 295

A company wants to give a customer the ability to use on-premises Microsoft Active Directory to download files that are stored in Amazon S3. The customer’s application uses an SFTP client to download the files.

Which solution will meet these requirements with the LEAST operational overhead and no changes to the customer’s application?

Answer options

• A. Set up AWS Transfer Family with SFTP for Amazon S3. Configure integrated Active Directory authentication.
• B. Set up AWS Database Migration Service (AWS DMS) to synchronize the on-premises client with Amazon S3. Configure integrated Active Directory authentication.
• C. Set up AWS DataSync to synchronize between the on-premises location and the S3 location by using AWS IAM Identity Center (AWS Single Sign-On).
• D. Set up a Windows Amazon EC2 instance with SFTP to connect the on-premises client with Amazon S3. Integrate AWS Identity and Access Management (IAM).

Correct answer: A

Explanation

AWS Transfer Family is a fully managed service that enables transfer of files directly into and out of Amazon S3 using SFTP, and it natively supports authentication via on-premises Microsoft Active Directory. Using a managed service like AWS Transfer Family minimizes operational overhead, unlike deploying and maintaining an SFTP server on an Amazon EC2 instance. Other tools such as AWS DMS and AWS DataSync are designed for data migration and synchronization rather than serving as client-facing SFTP endpoints.