🔥 3-day streak
AWS Certified Solutions Architect - Professional24 / 186
Question 24 of 186
A media company serves static assets to global users from an S3 bucket that is currently configured as a public website endpoint fronted by CloudFront. A recent security audit flagged that the bucket allows anonymous public access and that assets can be retrieved directly from the S3 website URL, bypassing CloudFront (and therefore WAF rules and access logging). The team must remediate this exposure so that assets are only reachable through CloudFront, without changing the object keys or breaking existing viewer URLs. Which approach best meets these requirements with the least ongoing operational overhead?
Reviewed for accuracy · Report an issueNext question