Logo
AWS Certified Solutions Architect - Professional / Question #907 of 529

Question #907

A company uses a web application to securely upload large datasets (over 200 MB) to an Amazon S3 bucket via presigned URLs. Only authenticated users are permitted to upload content. Users report significant delays during uploads. What should a solutions architect implement to optimize upload performance while maintaining strict authentication controls?

A

Deploy an Amazon API Gateway with a regional endpoint configured as an S3 proxy for the PutObject operation. Secure the API using a Lambda authorizer and direct browser uploads through the API instead of presigned URLs.
B

Enable S3 Transfer Acceleration on the bucket, generate presigned URLs with the acceleration endpoint, and require the browser to use the S3 multipart upload API for all large objects.
C

Create an edge-optimized Amazon API Gateway with an S3 proxy for PutObject operations. Use Amazon Cognito for API authorization and migrate browser uploads to the API Gateway endpoint.
D

Configure a CloudFront distribution with PUT/POST methods allowed, link it to the S3 bucket via an Origin Access Identity (OAI), grant OAI PutObject permissions, and route browser uploads through CloudFront.

Explanation

Answer B is correct because:
1. S3 Transfer Acceleration leverages CloudFront's globally distributed edge locations to reduce latency, improving upload speeds for large files.
2. Multipart Upload API allows parallel uploads of file parts, significantly accelerating large object transfers.
3. Presigned URLs with the acceleration endpoint maintain strict authentication controls without introducing new services.

Why other options are incorrect:
- A & C: API Gateway adds unnecessary latency and complexity. Lambda/Cognito introduces additional authorization steps, deviating from presigned URL authentication.
- D: CloudFront with OAI requires reconfiguring permissions and lacks the dedicated acceleration benefits of S3 Transfer Acceleration.

Key Points:
- Use S3 Transfer Acceleration and multipart uploads for large file optimizations.
- Presigned URLs ensure secure, authenticated uploads without extra services.

Answer

The correct answer is: B