PrepAway - Latest Free Exam Questions & Answers

Which features can be used to restrict access to data in S3?

Which features can be used to restrict access to data in S3? Choose 2 answers

PrepAway - Latest Free Exam Questions & Answers

A.
Set an S3 Bucket policy.

B.
Enable IAM Identity Federation.

C.
Set an S3 ACL on the bucket or the object.

D.
Create a CloudFront distribution for the bucket

E.
Use S3 Virtual Hosting

18 Comments on “Which features can be used to restrict access to data in S3?

  1. d0tkevin says:

    Answer:
    A. Set an S3 Bucket policy.
    C. Set an S3 ACL on the bucket or the object.

    “Customers may use four mechanisms for controlling access to Amazon S3 resources: Identity and Access Management (IAM) policies, bucket policies, Access Control Lists (ACLs) and query string authentication.”

    https://aws.amazon.com/s3/faqs/




    0



    0
  2. Simon Liang says:

    A, C.

    https://aws.amazon.com/s3/faqs

    Q: How can I control access to my data stored on Amazon S3?

    Customers may use four mechanisms for controlling access to Amazon S3 resources: Identity and Access Management (IAM) policies, bucket policies, Access Control Lists (ACLs) and query string authentication




    2



    0
  3. Jmario says:

    But you can creat a cloudfront custom origin to restrict access to the s3 bucket.

    Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content
    Note
    You can also restrict access to content on a custom origin by using custom headers. For more information, see Using Custom Headers to Restrict Access to Your Content on a Custom Origin.

    http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html




    0



    0
  4. Romain says:

    A & C

    You can set up access control to buckets using:
    1) Bucket Policies (applied to the entire bucket)
    2) ACLs (for more granularity: Can be for individual objects)




    0



    0

Leave a Reply to Romain Cancel reply

Your email address will not be published. Required fields are marked *