Medium · 1 mark · Multiple Choice
Domain 1.2: Secure Workloads · Security · VPC · S3 · Cost Optimization

AWS SAA-C03 · Question 11 · Domain 1.2: Secure Workloads

A company has an application running on Amazon EC2 instances in a private subnet. The application needs to securely access Amazon S3 to download configuration files. The security team dictates that traffic between the EC2 instances and S3 must not traverse the public internet.

Which solution meets these requirements MOST cost-effectively?

Answer options:

A. Deploy a NAT Gateway in a public subnet and route S3 traffic through it.

B. Create an Interface VPC Endpoint (AWS PrivateLink) for Amazon S3.

C. Create a Gateway VPC Endpoint for Amazon S3 and update the route table.

D. Set up an AWS Direct Connect connection between the VPC and Amazon S3.

How to approach this question

Identify the service that provides private access to S3 without hourly charges.

Full Answer

C. Create a Gateway VPC Endpoint for Amazon S3 and update the route table. ✓ Correct
A Gateway VPC Endpoint provides reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC. Gateway endpoints do not incur hourly billing charges.

Common mistakes

Selecting the Interface Endpoint (PrivateLink), which costs money, or the NAT Gateway, which uses the public internet.
