Amazon Exam SOA-C02 Topic 4 Question 110 Discussion

Actual exam question for Amazon's SOA-C02 exam

Question #: 110
Topic #: 4

A company is using Amazon S3 to set up a temporary static website that is public. A SysOps administrator creates an S3 bucket by using the default settings. The SysOps administrator updates the S3 bucket properties to configure static website hosting. The SysOps administrator then uploads objects that contain content for index.html and error.html.

When the SysOps administrator navigates to the website URL. the SysOps administrator receives an HTTP Status Code 403: Forbidden (Access Denied) error.

What should the SysOps administrator do to resolve this error?

ACreate an Amazon Route 53 DNS entry. Point the entry to the S3 bucket.

BEdit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.

CEdit the permissions on the index html and error html files for read access

DEdit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow PutObject access on the S3 bucket.

Show Suggested Answer

Suggested Answer: B

Objective:

Resolve the HTTP 403 (Access Denied) error for the public S3 static website.

Root Cause:

By default, S3 buckets are private, and public access is blocked due to the Block Public Access settings.

Additionally, a bucket policy is needed to allow public access to the objects.

Solution Implementation:

Step 1: Turn off Block Public Access:

Navigate to the Permissions tab of the S3 bucket in the AWS Management Console.

Turn off the Block Public Access settings by disabling the following:

Block public access to buckets and objects via ACLs.

Block public access to buckets and objects via bucket policies.

Step 2: Add a Bucket Policy for Public Access:

Add a policy allowing GetObject for public access:

{

'Version': '2012-10-17',

'Statement': [

{

'Effect': 'Allow',

'Principal': '*',

'Action': 's3:GetObject',

'Resource': 'arn:aws:s3:::<bucket-name>/*'

}

]

}

Step 3: Test Access:

Confirm that the website is accessible via the public URL.

AWS Reference:

Block Public Access Settings: S3 Block Public Access

Bucket Policies for Static Websites: Bucket Policy Examples

Why Other Options Are Incorrect:

Option A: Route 53 is not required to resolve the 403 error; the issue is with S3 bucket permissions.

Option C: Editing file permissions alone will not work; bucket permissions must also allow public access.

Option D: PutObject permissions are unnecessary for serving a static website.

by Gregg at Jan 26, 2025, 04:12 AM

Limited Time Offer

25%

Off

Get Premium SOA-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Mozelle

11 days ago

I was about to choose option C, but B makes more sense. The files themselves need read access, but the bucket needs the proper policy to allow public access.

upvoted 0 times

...

Timmy

11 days ago

I believe the key is in creating a bucket policy to allow GetObject access.

upvoted 0 times

...

Lorean

17 days ago

But wouldn't creating an Amazon Route 53 DNS entry also help?

upvoted 0 times

...

1 months ago

The correct answer is B. Turning off the Block Public Access settings and creating a bucket policy to allow GetObject access should resolve the 403 Forbidden error.

upvoted 0 times

Hillary

11 days ago

A) Create an Amazon Route 53 DNS entry. Point the entry to the S3 bucket.

upvoted 0 times

...

Raylene

18 days ago

That makes sense. It's important to configure the permissions correctly for a public website.

upvoted 0 times

...

Lucina

24 days ago

B) Edit the S3 bucket permissions by turning off Block Public Access settings. Create a bucket policy to allow GetObject access on the S3 bucket.

upvoted 0 times

...