Amazon Exam SOA-C02 Topic 4 Question 110 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 110
Topic #: 4

A company is using Amazon S3 to set up a temporary static website that is public. A SysOps administrator creates an S3 bucket by using the default settings. The SysOps administrator updates the S3 bucket properties to configure static website hosting. The SysOps administrator then uploads objects that contain content for index.html and error.html.

When the SysOps administrator navigates to the website URL. the SysOps administrator receives an HTTP Status Code 403: Forbidden (Access Denied) error.

What should the SysOps administrator do to resolve this error?

ACreate an Amazon Route 53 DNS entry. Point the entry to the S3 bucket.

BEdit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.

CEdit the permissions on the index html and error html files for read access

DEdit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow PutObject access on the S3 bucket.

Show Suggested Answer

Suggested Answer: B

Objective:

Resolve the HTTP 403 (Access Denied) error for the public S3 static website.

Root Cause:

By default, S3 buckets are private, and public access is blocked due to the Block Public Access settings.

Additionally, a bucket policy is needed to allow public access to the objects.

Solution Implementation:

Step 1: Turn off Block Public Access:

Navigate to the Permissions tab of the S3 bucket in the AWS Management Console.

Turn off the Block Public Access settings by disabling the following:

Block public access to buckets and objects via ACLs.

Block public access to buckets and objects via bucket policies.

Step 2: Add a Bucket Policy for Public Access:

Add a policy allowing GetObject for public access:

{

'Version': '2012-10-17',

'Statement': [

{

'Effect': 'Allow',

'Principal': '*',

'Action': 's3:GetObject',

'Resource': 'arn:aws:s3:::<bucket-name>/*'

}

]

}

Step 3: Test Access:

Confirm that the website is accessible via the public URL.

AWS Reference:

Block Public Access Settings: S3 Block Public Access

Bucket Policies for Static Websites: Bucket Policy Examples

Why Other Options Are Incorrect:

Option A: Route 53 is not required to resolve the 403 error; the issue is with S3 bucket permissions.

Option C: Editing file permissions alone will not work; bucket permissions must also allow public access.

Option D: PutObject permissions are unnecessary for serving a static website.

by Gregg at Jan 26, 2025, 04:12 AM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!