During a cloud security assessment, you discover that a public Amazon S3 bucket is configured for static-website hosting and is reachable only through plain HTTP. Company policy mandates that all web content must be delivered over HTTPS, but the development team cannot update application code or URLs. Which AWS-provided control offers the simplest way to meet the HTTPS-only requirement while keeping the existing site structure intact?
Enable server-side encryption with a customer-managed KMS key on the bucket.
Attach a bucket policy that denies access whenever the request's aws:SecureTransport condition evaluates to false.
Activate S3 versioning and enforce MFA Delete on the bucket.
Deploy an Amazon CloudFront distribution in front of the bucket, enable Origin Access Control, and set the viewer protocol policy to redirect HTTP to HTTPS.
Amazon S3 website endpoints do not support HTTPS. The shortest path to enforce HTTPS without touching application code or URLs is to place an Amazon CloudFront distribution in front of the bucket, configure a viewer protocol policy that redirects HTTP requests to HTTPS, and use Origin Access Control (or an Origin Access Identity) so objects are served only through CloudFront. Bucket policies, server-side encryption, versioning with MFA Delete, and cross-region replication do not convert the website endpoint to HTTPS or prevent direct HTTP access.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Amazon CloudFront and how does it enforce HTTPS?
Open an interactive chat with Bash
What is Origin Access Control and why is it used in this solution?
Open an interactive chat with Bash
Why can't S3 buckets directly use HTTPS for website endpoints?
Open an interactive chat with Bash
What is Amazon CloudFront?
Open an interactive chat with Bash
What is Origin Access Control (OAC) in Amazon CloudFront?
Open an interactive chat with Bash
Why can't Amazon S3 website endpoints support HTTPS?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cloud Computing
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .