A presigned URL allows temporary access to a specific object in an S3 bucket without needing to make the bucket public or create and manage additional IAM users. The URL is time-limited, and permissions are granted only to the specific object (in this case, the annual report), making it a highly secure and operationally efficient solution.
With a presigned URL, the consultant can access the report for the specified duration (7 days), after which the URL will expire automatically, removing the need for manual intervention to revoke access.
AWS References:
Amazon S3 Presigned URLs explain how to generate a presigned URL to grant temporary access to S3 objects.
Best Practices for S3 Security emphasize using presigned URLs for sharing temporary access to S3 objects securely.
Why the other options are incorrect:
A. Public static website: This approach involves making the S3 bucket publicly accessible, which is unnecessary and insecure for sensitive data.
B. Enable public access: Granting public access to the entire bucket, even temporarily, is a security risk and violates best practices.
C. Create an IAM user: Creating an IAM user and managing credentials is unnecessary overhead and less secure compared to a presigned URL for this short-term need.