AWS Certified SysOps Administrator Practice Exam

Disable ads (and more) with a membership for a one time $4.99 payment

Prepare for the AWS Certified SysOps Administrator Exam. Utilize flashcards, multiple-choice questions, tips, and in-depth explanations. Get exam-ready!

Start Multiple Choice Practice Test
Start Flash Cards

Practice this question and more.

What is the best way to ensure that only CloudFront has access to your S3 bucket files?

  1. Set a public read ACL on the S3 bucket

  2. Use an Origin Access Identity and a bucket policy

  3. Disable public access to the bucket completely

  4. Configure S3 bucket logging to track access

The correct answer is: Use an Origin Access Identity and a bucket policy

The best way to ensure that only CloudFront has access to your S3 bucket files is to use an Origin Access Identity (OAI) along with a bucket policy. This approach allows you to create a secure configuration where CloudFront can access your S3 bucket content without exposing it publicly. By creating an OAI, you effectively create a unique identity for CloudFront that can be granted permission to access the S3 bucket. You can then modify the bucket policy to allow only requests coming from that OAI and deny access to any other sources. This means that users will not be able to access the content directly from the S3 bucket URL, enhancing security by ensuring that only CloudFront can retrieve the files and serve them to end users. This method is both secure and efficient because it allows for caching and faster delivery of your content while keeping the S3 bucket private. The other options, while they have their uses, do not provide the same level of security as associating your S3 bucket access with an OAI. For instance, setting a public read ACL on the S3 bucket would make files accessible to anyone on the internet, which compromises security. Disabling public access to the bucket is a good practice but does not specifically limit access to

More Questions Like This