An SAP administrator needs to provide temporary, time-limited access to an S3 bucket containing SAP backup files for an external auditor. The auditor should be able to download files from the bucket. Which method provides the most secure way to grant access?
Presigned URLs are time-limited and scoped to specific objects.
Why this answer
Option C is correct: Generate a presigned URL that provides temporary access to a specific object. It is secure because permissions are time-limited and scoped to a single object. Option A is wrong: Creating an IAM user for the auditor is not time-limited and requires managing credentials.
Option B is wrong: Making the bucket public is insecure. Option D is wrong: Sharing AWS credentials is a security risk.