Question 101:
A construction company is sharing its architecture drawings stored in the Amazon S3 bucket with external vendors. All these vendors are spread across the globe. So to enhance performance for downloading files, a CloudFront distribution is created with an S3 bucket as the origin. Last week there was an incident where a vendor erroneously deleted a drawing from an S3 bucket. You have been asked to create an appropriate policy as it was found that some users are accessing S3 buckets directly. Which of the following actions will help to restrict access to the S3 bucket? (Select two).
Answer options:
A.Create custom headers to restrict access to the S3 bucket directly. B.Modify Permission on S3 buckets so that only OAI has permission to access files. C.Create a Pre Signed URL with Amazon S3 bucket. D.Create an Origin Access identity with CloudFront & associate with distribution. E.Modify the permission on pre-signed URL so that only restricted users can access the Amazon S3 bucket.