Medium · 1 mark · Multiple Choice
Domain 1.2: Secure Workloads · VPC Endpoint · S3 · Networking

AWS SAA-C03 · Question 11 · Domain 1.2: Secure Workloads

An application running on EC2 instances in a private subnet needs to upload large files to Amazon S3. The security team dictates that this traffic must not traverse the public internet.

How should a solutions architect configure the network?

Answer options:

A. Deploy a NAT Gateway in a public subnet and route S3 traffic through it.

B. Create a Gateway VPC Endpoint for Amazon S3 and update the private subnet route table.

C. Set up an AWS Direct Connect connection to Amazon S3.

D. Use an Internet Gateway and attach an Elastic IP to the EC2 instances.

How to approach this question

Identify the mechanism for private AWS service access from a VPC.

Full Answer

B. Create a Gateway VPC Endpoint for Amazon S3 and update the private subnet route table. ✓ Correct
Gateway VPC Endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC.

Common mistakes

Choosing NAT Gateway, which uses the public internet to reach AWS public endpoints.
