A media company hosts a web application on AWS for uploading videos. Only authenticated users should upload within a specified time frame after authentication.
Which solution will meet these requirements with the LEAST operational overhead?
A.
Configure the application to generate IAM temporary security credentials for authenticated users.
B.
Create an AWS Lambda function that generates pre-signed URLs when a user authenticates.
C.
Develop a custom authentication service that integrates with Amazon Cognito to control and log direct S3 bucket access through the application.
D.
Use AWS Security Token Service (AWS STS) to assume a pre-defined IAM role that grants authenticated users temporary permissions to upload videos directly to the S3 bucket.
Option B: Pre-signed URLs provide temporary, authenticated access to S3, limiting uploads to the time frame specified. This solution is lightweight, efficient, and easy to implement.
Option Arequires the management of IAM temporary credentials, adding complexity.
Option Cinvolves unnecessary development effort.
Option Dintroduces more complexity with STS and roles than pre-signed URLs.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit