AWS Certified Solutions Architect – Associate (SAA-C03) — Question 834
A company creates operations data and stores the data in an Amazon S3 bucket. For the company's annual audit, an external consultant needs to access an annual report that is stored in the S3 bucket. The external consultant needs to access the report for 7 days.
The company must implement a solution to allow the external consultant access to only the report.
Which solution will meet these requirements with the MOST operational efficiency?
Answer options
- A. Create a new S3 bucket that is configured to host a public static website. Migrate the operations data to the new S3 bucket. Share the S3 website URL with the external consultant.
- B. Enable public access to the S3 bucket for 7 days. Remove access to the S3 bucket when the external consultant completes the audit.
- C. Create a new IAM user that has access to the report in the S3 bucket. Provide the access keys to the external consultant. Revoke the access keys after 7 days.
- D. Generate a presigned URL that has the required access to the location of the report on the S3 bucket. Share the presigned URL with the external consultant.
Correct answer: D
Explanation
Generating an Amazon S3 presigned URL is the most operationally efficient solution because it allows secure, temporary access to a specific object without requiring IAM user management or exposing the bucket publicly. The URL can be configured to expire automatically after 7 days, which removes the administrative overhead of manual revocation. The other options either introduce severe security risks by making the data public (A and B) or require unnecessary manual provisioning and cleanup of IAM credentials (C).