SAP-C02 第 378 题
题目
A company has a web application that securely uploads pictures and videos to an Amazon S3 bucket. The company requires that only authenticated users are allowed to post content. The application generates a presigned URL that is used to upload objects through a browser interface. Most users are reporting slow upload times for objects larger than 100 MB. What can a solutions architect do to improve the performance of these uploads while ensuring only authenticated users are allowed to post content?
中文翻译:
一家公司有一个 Web 应用程序,可以将图片和视频安全上传到 Amazon S3 存储桶。该公司要求只有经过身份验证的用户才可以发布内容。该应用程序生成一个预签名 URL,用于通过浏览器界面上传对象。大多数用户报告大于 100 MB 的对象上传速度缓慢。解决方案架构师可以采取哪些措施来提高这些上传的性能,同时确保只允许经过身份验证的用户发布内容?
选项
A. Set up an Amazon API Gateway with an edge-optimized API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using a COGNITO_USER_POOLS authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects.
中文翻译:
设置具有边缘优化 API 终端节点的 Amazon API Gateway,该终端节点具有作为 S3 服务代理的资源。配置此资源的 PUT 方法以公开 S3 PutObject 操作。使用 COGNITO_USER_POOLS 授权者保护 API 网关。让浏览器界面使用 API Gateway 而不是预签名 URL 来上传对象。
B. Set up an Amazon API Gateway with a regional API endpoint that has a resource as an S3 service proxy. Configure the PUT method for this resource to expose the S3 PutObject operation. Secure the API Gateway using an AWS Lambda authorizer. Have the browser interface use API Gateway instead of the presigned URL to upload objects.
中文翻译:
设置具有区域 API 终端节点的 Amazon API Gateway,该终端节点具有作为 S3 服务代理的资源。配置此资源的 PUT 方法以公开 S3 PutObject 操作。使用 AWS Lambda 授权者保护 API Gateway。让浏览器界面使用 API Gateway 而不是预签名 URL 来上传对象。
C. Enable an S3 Transfer Acceleration endpoint on the S3 bucket. Use the endpoint when generating the presigned URL. Have the browser interface upload the objects to this URL using the S3 multipart upload API.
中文翻译:
在 S3 存储桶上启用 S3 传输加速终端节点。生成预签名 URL 时使用端点。让浏览器界面使用 S3 分段上传 API 将对象上传到此 URL。
D. Configure an Amazon CloudFront distribution for the destination S3 bucket. Enable PUT and POST methods for the CloudFront cache behavior. Update the CloudFront origin to use an origin access identity (OAI). Give the OAI user 3: PutObject permissions in the bucket policy. Have the browser interface upload objects using the CloudFront distribution.
中文翻译:
为目标 S3 存储桶配置 Amazon CloudFront 分配。为 CloudFront 缓存行为启用 PUT 和 POST 方法。更新 CloudFront 源以使用源访问身份 (OAI)。在存储桶策略中为 OAI 用户授予 3: PutObject 权限。让浏览器界面使用 CloudFront 分配上传对象。
答案
C
解析
正确答案:C 解析: 本题应选择 C。 正确选项: C. 在 S3 存储桶上启用 S3 传输加速终端节点。生成预签名 URL 时使用端点。让浏览器界面使用 S3 分段上传 API 将对象上传到此 URL。 选择理由: 该选项最直接地满足题干中的关键约束。做 SAP-C02 题目时,需要同时对照题干里的限定词,例如最高性能、最低运维开销、成本效益、可靠性、可扩展性、安全性、RTO/RPO、合规要求等。本题相关考点主要包括:API Gate...