AWS Certified Solutions Architect Associate SAA-C03 Practice Question
An organization needs to ensure that its compute instances, which handle sensitive data in an isolated environment, have the ability to securely access object storage without the data traveling over the internet. Which configuration aligns with these stringent security requirements?
Install a NAT device in the isolated environment to route traffic to the object storage.
Set up a VPN connection from the compute instances to the object storage service.
Allocate public IP addresses to the compute instances for internet access to the object storage.
Provision a service-specific gateway within the isolated environment for direct object storage access.
Implementing a gateway that directly connects the isolated environment to the object storage service via private networking ensures that the data does not traverse the public internet, thereby maintaining a high security posture. This gateway, referred to as an endpoint specific to a service, allows for private communication between the network where the instances are hosted and the object storage service. Utilizing public IP addresses, NAT devices, or VPN connections would not satisfy the condition of keeping all traffic within the private network infrastructure.
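One way to check this in practice is to audit a subnet's route table for the private storage path and for any other way out. The sketch below is an added example, not part of the original question. It assumes the object storage is Amazon S3 reached through a gateway VPC endpoint, and it runs on constructed route entries shaped like `aws ec2 describe-route-tables` output (all IDs are placeholders).

```python
# Constructed sample routes; field names follow describe-route-tables output.
LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ENDPOINT = {"DestinationPrefixListId": "pl-00000000", "GatewayId": "vpce-0example"}
NAT = {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example"}
VPN = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vgw-0example"}

SAMPLE_ROUTE_TABLES = {
    "isolated-with-endpoint": [LOCAL, ENDPOINT],
    "private-with-nat": [LOCAL, NAT],
    "public-subnet": [LOCAL, IGW],
    "vpn-only": [LOCAL, VPN],
    "endpoint-plus-nat": [LOCAL, ENDPOINT, NAT],
}

EGRESS_KINDS = ("nat", "internet-gateway", "vpn-gateway")


def target_kind(route):
    """Classify a route by the type of its target."""
    if route.get("NatGatewayId"):
        return "nat"
    gateway = route.get("GatewayId", "")
    for prefix, kind in (("vpce-", "gateway-endpoint"),
                         ("igw-", "internet-gateway"),
                         ("vgw-", "vpn-gateway")):
        if gateway.startswith(prefix):
            return kind
    return "local" if gateway == "local" else "other"


def audit(routes):
    """Report whether storage traffic has a private path and what else leaves the VPC."""
    # A gateway endpoint appears as a prefix-list destination targeting vpce-*.
    endpoint = any(r.get("DestinationPrefixListId")
                   and target_kind(r) == "gateway-endpoint" for r in routes)
    egress = sorted({target_kind(r) for r in routes
                     if target_kind(r) in EGRESS_KINDS})
    return {"private_storage_path": endpoint,
            "other_egress": egress,
            "meets_requirement": endpoint and not egress}


if __name__ == "__main__":
    for name, routes in SAMPLE_ROUTE_TABLES.items():
        print(name, audit(routes))
```

The `endpoint-plus-nat` case is reported as failing because, although the prefix-list route sends storage traffic to the endpoint, the subnet is no longer isolated.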