ExpertAWS SAP-C02 · Question 05 · Domain 1.1: Network Connectivity
A company requires that all API calls to Amazon S3 from their VPC must not traverse the public internet. Furthermore, access to S3 must be restricted to only a specific S3 bucket owned by the company. How should the architect implement this?
A company requires that all API calls to Amazon S3 from their VPC must not traverse the public internet. Furthermore, access to S3 must be restricted to only a specific S3 bucket owned by the company. How should the architect implement this?
Answer options:
Create a VPC Interface Endpoint for S3. Use a security group to restrict access to the bucket.
Create a VPC Gateway Endpoint for S3. Attach an endpoint policy that allows access only to the specific S3 bucket ARN.
Route S3 traffic through a NAT Gateway and use an IAM policy on the EC2 instances to restrict bucket access.
Enable S3 Block Public Access on the bucket and use an Internet Gateway.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 6
75 questions · hints · full answers · grading