A company has confidential documents stored on Amazon S3. The Company wants to share these documents securely to 3rd parties without exposing the S3 files in public. The files are shared only within a limited timeframe.
What is the best, most reliable and secure way to deliver these documents?

Answer options:

A.Assign IAM users for the 3rd party and create a bucket policy to allow access of bucket though IAM users.
B.Create presigned URLs for the objects and share the URLs with the 3rd parties.
C.Create a bucket policy that allows access to CloudFront distribution Ids.
D.Assign IAM Roles for the 3rd party and create a bucket policy to allow access of bucket through IAM Roles.

Answer: B
Option A is incorrect because assigning IAM users is not a reliable way to securable sharing of content.
Option B is CORRECT. With presigned URLs, the objects can be shared with others securely. The presigned URLs are valid only for the specified duration.
Option C is incorrect as CloudFront distribution IDs won’t give secure access.
Option D is incorrect as Assigning AWS Roles will not be a reliable way to secure content sharing.
References:
http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html