A solution architect must design a solution that uses Amazon CloudFront with an Amazon S3 to store a static website. The company security policy requires that all websites traffic be inspected by AWS WAF.
How should the solution architect company with these requirements?
A . Configure an S3 bucket policy to accept requests coming from the AWS WAF Amazon Resource Name (ARN) only
B . Configure Amazon CloudFront to forward all incoming requests to AWS WAF before requesting content from the S3 origin,
C . Configure a security group that allows Amazon CloudFront IP addresses to access Amazon S3 only Associate AWS WAF to CloudFront.
D . Configure Amazon CloudFront and Amazon S3 to use an origin access identity (OAI) to restrict access to the S3 bucket. Enable AWS WAF on the distribution.
Answer: B
Leave a Reply