A developer is writing a web application that must share secure documents with end users. The documents are stored in a private Amazon S3 bucket. The application must allow only authenticated users to download specific documents when requested, and only for a duration of 15 minutes.
How can the developer meet these requirements?
A. Copy the documents to a separate S3 bucket that has a lifecycle policy for deletion after 15 minutes.
B. Create a presigned S3 URL using the AWS SDK with an expiration time of 15 minutes.
C. Use server-side encryption with AWS KMS managed keys (SSE-KMS) and download the documents using HTTPS.
D. Modify the S3 bucket policy to only allow specific users to download the documents. Revert the change after 15 minutes.
