An application hosted in AWS allows users to upload videos to an S3 bucket.
Based on their profile, a user must be given access to upload some videos for one week.
How could this be accomplished in the best way possible?
A. B. C. D.
Correct Answer - B.
Pre-signed URLs are the perfect solution when you want to give temporary access to users for S3 buckets.
So, whenever a new profile is created, you can create a pre-signed URL that lasts for a week and allows the user to upload the required objects.
For more information on pre-signed URLs, please visit the following URL:
https://docs.aws.amazon.com/AmazonS3/latest/dev/PresignedUrlUploadObject.html
For Choice D, the maximum time you can set for an IAM role session is 12 hours.
So this doesn't satisfy the 1-week requirement.
Ref: https://docs.aws.amazon.com/singlesignon/latest/userguide/howtosessionduration.html
The best way to accomplish providing temporary access to upload videos to an S3 bucket in AWS is by creating a pre-signed URL for each user profile that will last for one week.
A pre-signed URL is a unique URL that provides temporary access to an S3 object. The pre-signed URL can be used to upload, download, or delete an object without requiring AWS credentials. When a user requests the pre-signed URL, the URL is generated by AWS and includes a signature that verifies the user's credentials and authorizes the user to access the specified S3 object.
Creating a pre-signed URL for each user profile ensures that each user is given a unique URL that expires after one week. This method provides granular control over access to S3 objects and limits the scope of access to only the necessary resources. Additionally, the use of pre-signed URLs does not require any additional AWS resources, such as IAM roles, policies, or bucket policies.
Creating an IAM bucket policy, S3 bucket policy, or IAM role to provide access for one week is not the best approach. IAM bucket policies and S3 bucket policies are used to grant or deny access to a bucket or object for specific AWS accounts, IAM users, or roles. They are not suitable for providing temporary access to a specific user for a limited time. IAM roles are intended to grant access to AWS services and resources from within an instance or application running on an EC2 instance or other trusted environment.
Therefore, the correct answer is B. Create a pre-signed URL for each profile which will last for one week.