AWS Certified Solutions Architect – Associate (SAA-C03) — Question 534

A media company uses an Amazon CloudFront distribution to deliver content over the internet. The company wants only premium customers to have access to the media streams and file content. The company stores all content in an Amazon S3 bucket. The company also delivers content on demand to customers for a specific purpose, such as movie rentals or music downloads.

Which solution will meet these requirements?

Answer options

• A. Generate and provide S3 signed cookies to premium customers.
• B. Generate and provide CloudFront signed URLs to premium customers.
• C. Use origin access control (OAC) to limit the access of non-premium customers.
• D. Generate and activate field-level encryption to block non-premium customers.

Correct answer: B

Explanation

CloudFront signed URLs are the ideal solution for restricting access to individual files, such as specific movie rentals or music downloads, for authorized premium users. Signed cookies are better suited for providing access to multiple restricted files or an entire subscriber area, making them less appropriate for individual on-demand transactions. Origin access control (OAC) secures the S3 bucket itself from public access but does not manage user-level permissions, while field-level encryption is used to protect sensitive data during ingest rather than restricting content delivery.