Amazon Exam SAA-C03 Topic 11 Question 23 Discussion

Actual exam question for Amazon's SAA-C03 exam

Question #: 23
Topic #: 11

A company wants to use an AWS CloudFormatlon stack for its application in a test environment. The company stores the CloudFormation template in an Amazon S3 bucket that blocks public access. The company wants to grant CloudFormation access to the template in the S3 bucket based on specific user requests to create the test environment The solution must follow security best practices.

Which solution will meet these requirements?

ACreate a gateway VPC endpoint for Amazon S3. Configure the CloudFormation stack to use the S3 object URL

BCreate an Amazon API Gateway REST API that has the S3 bucket as the target. Configure the CloudFormat10n stack to use the API Gateway URL _

CCreate a presigned URL for the template object_ Configure the CloudFormation stack to use the presigned URL.

DAllow public access to the template object in the S3 bucket. Block the public access after the test environment is created

Show Suggested Answer

Suggested Answer: C

it allows CloudFormation to access the template in the S3 bucket without granting public access or creating additional resources. A presigned URL is a URL that is signed with the access key of an IAM user or role that has permission to access the object. The presigned URL can be used by anyone who receives it, but it expires after a specified time. By creating a presigned URL for the template object and configuring the CloudFormation stack to use it, the company can grant CloudFormation access to the template based on specific user requests and follow security best practices. Reference:

Using Amazon S3 Presigned URLs

Using Amazon S3 Buckets

by Hermila at Oct 06, 2023, 06:00 PM

Limited Time Offer

25%

Off

Get Premium SAA-C03 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Ivan Quevedo

7 months ago

Minimum privilegies

upvoted 1 times

...