Domain 1.2: Secure Workloads — AWS SAA-C03 Practice Question 16

How to approach this question

Identify the need for a Gateway Endpoint for DynamoDB and the use of Endpoint Policies for resource restriction.

Full Answer

C.Create a Gateway VPC Endpoint for DynamoDB and attach an endpoint policy that allows access only to the specific table.✓ Correct

Gateway VPC Endpoints allow private access to DynamoDB without the internet. VPC Endpoint Policies are IAM resource policies attached to the endpoint that can restrict access to specific DynamoDB tables.

Common mistakes

Thinking DynamoDB uses Interface Endpoints (PrivateLink). It uses Gateway Endpoints.

An application in a private subnet needs to access an Amazon DynamoDB table. Traffic must not traverse the public internet. The security team requires that the application can ONLY access one specific DynamoDB table. How should this be implemented?

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 5

More questions from this exam