AWS Certified Solutions Architect – Associate (SAA-C03) — Question 603

A company collects and shares research data with the company's employees all over the world. The company wants to collect and store the data in an Amazon S3 bucket and process the data in the AWS Cloud. The company will share the data with the company's employees. The company needs a secure solution in the AWS Cloud that minimizes operational overhead.

Which solution will meet these requirements?

Answer options

• A. Use an AWS Lambda function to create an S3 presigned URL. Instruct employees to use the URL.
• B. Create an IAM user for each employee. Create an IAM policy for each employee to allow S3 access. Instruct employees to use the AWS Management Console.
• C. Create an S3 File Gateway. Create a share for uploading and a share for downloading. Allow employees to mount shares on their local computers to use S3 File Gateway.
• D. Configure AWS Transfer Family SFTP endpoints. Select the custom identity provider options. Use AWS Secrets Manager to manage the user credentials Instruct employees to use Transfer Family.

Correct answer: A

Explanation

Using an AWS Lambda function to generate S3 presigned URLs is the most secure and operationally efficient solution because it allows temporary, authorized access to Amazon S3 objects without managing IAM users or complex infrastructure. Options B and D introduce significant administrative overhead by requiring the management of individual IAM users or SFTP custom identity providers and credentials. Option C is unsuitable because S3 File Gateway is designed for hybrid cloud storage and is too complex to deploy and mount for global, remote employees.