Domain 1.1: Secure Access — AWS SAA-C03 Practice Question 06

How to approach this question

Identify how to connect a VPC privately to S3 and how to enforce that connection on the bucket.

Full Answer

Create a VPC endpoint for Amazon S3 in the VPC.<br/>Add a bucket policy to the S3 bucket that denies access unless the aws:sourceVpce condition matches the VPC endpoint.

To restrict S3 bucket access to a specific VPC, you must create a VPC endpoint for S3 and then attach a bucket policy that uses the aws:sourceVpce condition key to deny access from any other source.

Common mistakes

Thinking IAM policies alone can secure the bucket from external access.

A company wants to restrict access to an Amazon S3 bucket so that only requests originating from a specific Amazon Virtual Private Cloud (VPC) are allowed. <br/><br/>Which TWO actions must a solutions architect take to meet this requirement? (Select TWO.)

How to approach this question

Full Answer

Common mistakes

Practice the full AWS SAA-C03 Practice Exam 6

More questions from this exam