A company has a single-page application (SPA) that is served by Amazon CloudFront. An Amazon S3 bucket is the origin of the CloudFront distribution. The company is using Amazon Cognito for authentication. An external security review reveals that unauthenticated users can download the application source code from the SPA in index.html and view internal details of the SPA. A security engineer needs to implement a solution to avoid exposing the source code to unauthenticated users. Which solution will meet these requirements?

Topic #: - All AWS Certified Security - Specialty Questions

A. Split the login logic to a separate login.html page. Designate the new page as the landing page. Attach an AWS WAF web ACL to the CloudFront distribution to deny unauthenticated requests to index html.
B. Change the authentication method in Amazon Cognito to use an AWS Lambda authorizer. Configure the Lambda authorizer to control authentication and disallow downloads if the user is not authenticated.
C. Implement an Amazon Cognito hosted UI for the login. Add Lambda@Edge logic to the CloudFront distribution to either serve content or redirect to the login page. Most Voted
D. Create an origin access identity (OAI). Associate the OAI with the CloudFront distribution. Configure S3 bucket permissions for the OAI to allow access to authenticated users only.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion