An application running on EC2 instances in a private subnet needs to upload large files to Amazon S3. The security team dictates that this traffic must not traverse the public internet.<br/><br/>How should a solutions architect configure the network?

Answer options:

Deploy a NAT Gateway in a public subnet and route S3 traffic through it.

Create a Gateway VPC Endpoint for Amazon S3 and update the private subnet route table.

Set up an AWS Direct Connect connection to Amazon S3.

Use an Internet Gateway and attach an Elastic IP to the EC2 instances.

How to approach this question

Identify the mechanism for private AWS service access from a VPC.

B.Create a Gateway VPC Endpoint for Amazon S3 and update the private subnet route table.✓ Correct

Create a Gateway VPC Endpoint for Amazon S3 and update the private subnet route table.

Gateway VPC Endpoints provide reliable connectivity to Amazon S3 and DynamoDB without requiring an internet gateway or a NAT device for your VPC.

Choosing NAT Gateway, which uses the public internet to reach AWS public endpoints.

65 questions · hints · full answers · grading