Home › AWS Developer Associate › cloudcomputing › awsdevsecurity › A static website served from S3 must allow time-…
A static website served from S3 must allow time-limited downloads to authenticated users without making the bucket public. Which AWS mechanism is BEST?
AMake the bucket public for everyone
BMigrate the bucket to Glacier Deep Archive
CEmail the bucket owner's IAM access key to each user
DPre-signed URLs generated by the app's backend
Answer & Solution
Correct answer: D. Pre-signed URLs generated by the app's backend
Pre-signed URLs grant time-limited GET (or PUT) access to a specific object using the signer's credentials — exactly the time-boxed access pattern. The others either expose data or destroy the workflow.
Related questions
An S3 bucket policy grants `s3:GetObject` only when the request includes a specific VPC enWhich approach correctly handles environment-specific configuration (DB endpoints, featureAn application must encrypt user-uploaded files in S3 with a key the customer controls (CMWhich IAM feature lets a developer's IAM role temporarily "impersonate" a service-account-A Lambda function reads database credentials at cold start from AWS Secrets Manager and caAn API Gateway REST API needs to require a valid Amazon Cognito ID token on every call. WhWhich IAM construct is best for granting a CodeBuild project the right to read from one spWhich AWS service issues, manages, and auto-renews public TLS certificates for use with AL