AWS Certified Solutions Architect – Associate (SAA-C03) — Question 322

A media company uses Amazon CloudFront for its publicly available streaming video content. The company wants to secure the video content that is hosted in Amazon S3 by controlling who has access. Some of the company’s users are using a custom HTTP client that does not support cookies. Some of the company’s users are unable to change the hardcoded URLs that they are using for access.

Which services or methods will meet these requirements with the LEAST impact to the users? (Choose two.)

Answer options

• A. Signed cookies
• B. Signed URLs
• C. AWS AppSync
• D. JSON Web Token (JWT)
• E. AWS Secrets Manager

Correct answer: A, B

Explanation

Signed URLs are ideal for users who utilize custom HTTP clients that do not support cookies, as the authentication information is carried directly within the query string of the URL. Signed cookies are the correct choice for users with hardcoded URLs that cannot be changed, as they allow access to restricted files without altering the resource URLs themselves. Other options like AWS AppSync, JWT, and AWS Secrets Manager do not provide native CloudFront-integrated mechanism to restrict access to S3 content in this manner.