A company is launching a web-based application in multiple regions around the world. The application consists of both static content stored in a private Amazon S3 bucket and dynamic content hosted in Amazon ECS containers content behind an Application Load Balancer (ALB). The company requires that the static and dynamic application content be accessible through Amazon CloudFront only. Which combination of steps should a solutions architect recommend to restrict direct content access to CloudFront? (Choose three.) A. Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the ALB. B. Create a web ACL in AWS WAF with a rule to validate the presence of a custom header and associate the web ACL with the CloudFront distribution. C. Configure CloudFront to add a custom header to origin requests. D. Configure the ALB to add a custom header to HTTP requests. E. Update the S3 bucket ACL to allow access from the CloudFront distribution only. F. Create a CloudFront Origin Access Identity (OAI) and add it to the CloudFront distribution. Update the S3 bucket policy to allow access to the OAI only.  Suggested Answer: ADF Community Answer: ACF This question is in SAP-C01 AWS Certified Solutions Architect – Professional Exam For getting AWS Certified Solutions Architect – Professional Certificate Disclaimers: The website is not related to, affiliated with, endorsed or authorized by Amazon. Trademarks, certification & product names are used for reference only and belong to Amazon. The website does not contain actual questions and answers from Amazon's Certification Exam.
Please login or Register to submit your answer