AWS Certified Solutions Architect Associate SAA-C03 Practice Question
A company wants its EC2 instances in a private subnet to access Amazon S3 while ensuring that this traffic does not go through the public Internet. As a Solutions Architect, what is the BEST solution to meet this requirement?
Create a VPC Gateway Endpoint for Amazon S3 and update the route table of the private subnet.
Establish a VPN connection between the private subnet and Amazon S3.
Set up a NAT Gateway in a public subnet and configure the private subnet's route table accordingly.
Associate an Internet Gateway with the VPC to enable Internet access.
Creating a VPC Gateway Endpoint for Amazon S3 enables instances in a private subnet to connect directly to Amazon S3 without using the public Internet. This traffic remains within the AWS network, enhancing security and reducing latency. Using a NAT Gateway allows instances to access the Internet but does not ensure that traffic to Amazon S3 stays within the AWS backbone. Setting up a VPN connection to Amazon S3 is not possible, as Amazon S3 does not support VPN connections. Associating an Internet Gateway provides Internet access to the VPC but does not keep the traffic within the AWS network.