You are designing a website for a company that streams anime videos. You serve this content through CloudFront. The company has implemented a section for premium subscribers. This section contains more videos than the free section. You want to ensure that only premium subscribers can access this premium section. How can you achieve this easily?

Answer options:

A.Using bucket policies.
B.Requiring HTTPS for communication between users and CloudFront.
C.Using CloudFront origin with signed URLs.
D.Using CloudFront origin with signed cookies.

Correct Answer: D
Option A is incorrect. Bucket policies are mainly used with resources in AWS. They are not intended to restrict content to application users. More details:
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-policy-language-overview.html
Option B is incorrect. This option only encrypts the communication between users and CloudFront. It does not restrict access to files. More details:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/using-https.html
Option C is incorrect. With a signed URL, you only restrict access to one file. If you implement this, the application would have to generate a new pre-signed URL for every file in the premium section and give this new link to the user. More details:
https://docs.amazonaws.cn/en_us/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-urls.html
Option D is CORRECT. Once your application allows your user to see this section, it will give a cookie to the user. Then CloudFront will use this cookie to access S3 restricted content. More details:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-signed-cookies.html