You have a requirement to serve up private content using the keys available with Cloudfront.
How can this be achieved?
A . Add the keys to the backend distribution.
B . Add the keys to the S3 bucket
C . Create pre-signed URL’s
D . Use AWS Access keys
Answer: C
Explanation:
Option A and B are invalid because you will not add keys to either the backend distribution or the S3 bucket.
Option D is invalid because this is used for programmatic access to AWS resources You can use Cloudfront key pairs to create a trusted pre-signed URL which can be distributed to users
Specifying the AWS Accounts That Can Create Signed URLs and Signed Cookies (Trusted
Signers)
Topics
• Creating CloudFront Key Pairs for Your Trusted Signers
• Reformatting the CloudFront Private Key (.NET and Java Only)
• Adding Trusted Signers to Your Distribution
• Verifying that Trusted Signers Are Active (Optional) 1 Rotating CloudFront Key Pairs
To create signed URLs or signed cookies, you need at least one AWS account that has an active CloudFront key pair. This accou is known as a trusted signer.
The trusted signer has two purposes:
• As soon as you add the AWS account ID for your trusted signer to your distribution,
CloudFront starts to require that users us signed URLs or signed cookies to access your objects.
‘ When you create signed URLs or signed cookies, you use the private key from the trusted signer’s key pair to sign a portion of the URL or the cookie. When someone requests a restricted object CloudFront compares the signed portion of the URL or cookie with the unsigned portion to verify that the URL or cookie hasn’t been tampered with. CloudFront also verifies that the URL or cookie is valid, meaning, for example, that the expiration date and time hasn’t passed.
For more information on Cloudfront private trusted content please visit the following URL: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-s
The correct answer is: Create pre-signed URL’s Submit your Feedback/Queries to our Experts
Leave a Reply