A company is storing media content in an Amazon S3 bucket and uses Amazon CloudFront to distribute the content to its users. Due to licensing terms, the company is not authorized to distribute the content in some countries. A SysOps administrator must restrict access to certain countries. What is the MOST operationally efficient solution that meets these requirements?

Topic #: - All AWS Certified SysOps Administrator - Associate Questions

A. Configure the S3 bucket policy to deny the GetObject operation based on the S3:LocationConstraint condition.
B. Create a secondary origin access identity (OAI). Configure the S3 bucket policy to prevent access from unauthorized countries.
C. Enable the geo restriction feature in the CloudFront distribution to prevent access from unauthorized countries.
D. Update the application to generate signed CloudFront URLs only for IP addresses in authorized counties.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion