Question #1611
A company hosts software updates on AWS and must distribute them globally with low latency. The company needs to block downloads from certain countries and ensure only authorized customers can access the updates. The solution must minimize operational costs and complexity.
A. Store updates in an Amazon S3 bucket. Enable MFA Delete and public read access. Share the S3 bucket URL directly with customers.
B. Store updates in Amazon S3. Create individual IAM roles for each customer with S3 read permissions. Distribute IAM credentials to customers for access.
C. Host updates on Amazon EC2 instances across multiple AWS Regions. Use Route 53 geolocation routing to direct users to the nearest instance. Restrict instance access using security groups.
D. Store updates in Amazon S3. Use Amazon CloudFront with geographic blocking for distribution. Generate signed CloudFront URLs for customers to access the updates.
Explanation
Option D is correct because:
- Amazon CloudFront provides low-latency global distribution through its content delivery network.
- Geographic blocking allows the company to block downloads from specific countries.
- Signed URLs restrict access to authorized customers, meeting the access-control requirement.
- Amazon S3 provides cost-effective storage without operational overhead.
Other options fail because:
- A: Public read access lets unauthorized users download the updates, violating the security requirements.
- B: Managing individual IAM roles for each customer is operationally complex and does not scale.
- C: EC2 instances require managing infrastructure, which increases cost and complexity, and security groups do not provide country-based blocking.
Key Points: Use CloudFront for global low-latency content delivery, S3 for storage, geographic restrictions for blocking countries, and signed URLs for secure access.
Answer
The correct answer is: D