What is the MOST secure way to do this?

An application hosted on AWS is experiencing performance problems, and the application vendor wants to perform an analysis of the log file to troubleshoot further. The log file is stored on Amazon S3 and is 10 GB in size. The application owner will make the log file available to the vendor for a limited time.

What is the MOST secure way to do this?
A . Enable public read on the S3 object and provide the link to the vendor.
B . Upload the file to Amazon WorkDocs and share the public link with the vendor.
C . Generate a presigned URL and have the vendor download the log file before it expires.
D . Create an IAM user for the vendor to provide access to the S3 bucket and the
application. Enforce multifactor
authentication.

View Answer

Answer: C

Explanation:

Share an object with others

All objects by default are private. Only the object owner has permission to access these objects. However, the object owner can optionally share objects with others by creating a presigned URL, using their own security credentials, to grant time-limited permission to download the objects.

When you create a presigned URL for your object, you must provide your security credentials, specify a bucket name, an object key, specify the HTTP method (GET to download the object) and expiration date and time. The presigned URLs are valid only for the specified duration.

Anyone who receives the presigned URL can then access the object. For example, if you have a video in your bucket and both the bucket and the object are private, you can share the video with others by generating a presigned URL.

https://docs.aws.amazon.com/AmazonS3/latest/dev/ShareObjectPreSignedURL.html