AWS Certified SysOps Administrator – Associate — Question 476

A company is using Amazon S3 to set up a temporary static website that is public. A SysOps administrator creates an S3 bucket by using the default settings. The SysOps administrator updates the S3 bucket properties to configure static website hosting. The SysOps administrator then uploads objects that contain content for index html and error html.

When the SysOps administrator navigates to the website URL the SysOps administrator receives an HTTP Status Code 403: Forbidden (Access Denied) error.

What should the SysOps administrator do to resolve this error?

Answer options

• A. Create an Amazon Route 53 DNS entry Point the entry to the S3 bucket.
• B. Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.
• C. Edit the permissions on the index html and error html files for read access.
• D. Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow PutObject access on the S3 bucket.

Correct answer: B

Explanation

By default, newly created S3 buckets have Block Public Access enabled, which prevents public access to the objects regardless of bucket policies. To resolve the HTTP 403 Forbidden error for a static website, the SysOps administrator must turn off the Block Public Access settings and add a bucket policy that grants public read permissions using the s3:GetObject action. Option D is incorrect because s3:PutObject is used for uploading files, not retrieving them.