Which features can be used to restrict access to data in S3? Choose 2 answers
A.
Set an S3 ACL on the bucket or the object.
B.
Create a CloudFront distribution for the bucket.
C.
Set an S3 bucket policy.
D.
Enable IAM Identity Federation
E.
Use S3 Virtual Hosting
Explanation:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content- restricting-access-tos3.html
A, C
https://aws.amazon.com/s3/faqs/
Q: How can I control access to my data stored on Amazon S3?
Customers may use four mechanisms for controlling access to Amazon S3 resources: Identity and Access Management (IAM) policies
bucket policies
Access Control Lists (ACLs)
query string authentication.
IAM enables organizations with multiple employees to create and manage multiple users under a single AWS account. With IAM policies, companies can grant IAM users fine-grained control to their Amazon S3 bucket or objects while also retaining full control over everything the users do. With bucket policies, companies can define rules which apply broadly across all requests to their Amazon S3 resources, such as granting write privileges to a subset of Amazon S3 resources. Customers can also restrict access based on an aspect of the request, such as HTTP referrer and IP address. With ACLs, customers can grant specific permissions (i.e. READ, WRITE, FULL_CONTROL) to specific users for an individual bucket or object. With query string authentication, customers can create a URL to an Amazon S3 object which is only valid for a limited time. For more information on the various access control policies available in Amazon S3, please refer to the Access Control topic in the Amazon S3 Developer Guide.
0
0
A & C
http://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html
0
0
answer will B and E
for A-you cannot access bucket object with S3 url
0
0