AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A company runs its analytics application on Amazon EC2 instances in three private subnets (one in each Availability Zone) within an AWS Region. The instances send about 200 TB of data each month to an Amazon S3 bucket that is in the same Region for long-term storage. Outbound internet traffic for software updates is less than 1 TB per month.
Each private subnet currently uses a NAT gateway that is deployed in the same Availability Zone. Finance reports show that NAT gateway data-processing fees constitute the majority of the monthly network charges.
The instances must remain in private subnets, and the architecture must retain Availability Zone resiliency for the limited internet-bound traffic.
Which action will provide the greatest reduction in monthly cost while meeting all requirements?
Enable S3 Transfer Acceleration on the destination bucket to shorten the upload path from the EC2 instances.
Create a Gateway VPC endpoint for Amazon S3 and associate it with the route tables of the three private subnets so that all S3 traffic bypasses the NAT gateways.
Delete two NAT gateways and route all private subnets through a single NAT gateway to cut hourly charges by two-thirds.
Replace each NAT gateway with an Interface VPC endpoint (AWS PrivateLink) for Amazon S3 in every subnet.
Using a Gateway VPC endpoint for Amazon S3 removes S3 traffic from the NAT path. Gateway endpoints are free of hourly and per-GB data-processing charges, so the 200 TB of monthly S3 traffic no longer accrues NAT gateway fees. Because the endpoint is a Regional resource, you can associate it with the route tables of all three private subnets and keep the existing NAT gateways for the small amount of internet traffic, preserving cross-AZ resiliency.
Enabling S3 Transfer Acceleration would add per-GB charges instead of eliminating them. Interface (PrivateLink) endpoints for S3 carry both hourly and data-processing costs, so they are more expensive than a free gateway endpoint. Consolidating the three NAT gateways into one reduces hourly costs but breaks AZ fault tolerance and still leaves the per-GB data charges in place. Therefore, creating a Gateway VPC endpoint for S3 is the only option that achieves the largest cost reduction without violating any requirement.
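One way to verify the routing this answer describes, as an added example that is not part of the original question: the script audits route-table data shaped like `aws ec2 describe-route-tables` output and flags any private subnet whose S3 traffic still follows the NAT default route or whose NAT gateway sits in another Availability Zone. All IDs, AZ names and the prefix list ID are constructed placeholders, and the helper names are hypothetical.

```python
# Added example. All IDs, AZ names and the prefix list ID are constructed placeholders.
S3_PREFIX_LIST = "pl-0example"  # assumption: stands in for the Region's S3 prefix list ID
SUBNET_AZ = {"subnet-a": "az1", "subnet-b": "az2", "subnet-c": "az3"}
NAT_AZ = {"nat-a": "az1", "nat-b": "az2", "nat-c": "az3"}


def route_table(rtb_id, subnet_id, nat_id, s3_endpoint=True):
    """Build one constructed route table in describe-route-tables shape."""
    routes = [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": nat_id, "State": "active"},
    ]
    if s3_endpoint:  # the route that a gateway endpoint association adds
        routes.append({"DestinationPrefixListId": S3_PREFIX_LIST,
                       "GatewayId": "vpce-0example", "State": "active"})
    return {"RouteTableId": rtb_id, "Associations": [{"SubnetId": subnet_id}],
            "Routes": routes}


def audit(route_tables, subnet_az=SUBNET_AZ, nat_az=NAT_AZ, s3_pl=S3_PREFIX_LIST):
    """Return (route_table_id, finding) tuples; an empty list means the design holds."""
    findings = []
    for rt in route_tables:
        active = [r for r in rt["Routes"] if r.get("State") == "active"]
        # S3 must leave through the gateway endpoint, not the NAT default route.
        if not any(r.get("DestinationPrefixListId") == s3_pl
                   and r.get("GatewayId", "").startswith("vpce-") for r in active):
            findings.append((rt["RouteTableId"], "s3-via-nat"))
        nats = [r["NatGatewayId"] for r in active
                if r.get("DestinationCidrBlock") == "0.0.0.0/0" and "NatGatewayId" in r]
        for assoc in rt["Associations"]:
            subnet = assoc.get("SubnetId")
            if subnet is None:  # main-route-table association carries no subnet
                continue
            if not nats:
                findings.append((rt["RouteTableId"], "no-nat-default-route"))
            elif nat_az.get(nats[0]) != subnet_az.get(subnet):
                findings.append((rt["RouteTableId"], "nat-in-other-az"))
    return findings


GOOD = [route_table("rtb-a", "subnet-a", "nat-a"),
        route_table("rtb-b", "subnet-b", "nat-b"),
        route_table("rtb-c", "subnet-c", "nat-c")]
# The "single NAT gateway" option, plus a forgotten endpoint association on rtb-c.
BAD = [route_table("rtb-a", "subnet-a", "nat-a"),
       route_table("rtb-b", "subnet-b", "nat-a"),
       route_table("rtb-c", "subnet-c", "nat-a", s3_endpoint=False)]

if __name__ == "__main__":
    print(audit(GOOD), audit(BAD))
```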
AWS Certified Solutions Architect Professional SAP-C02
Design for New Solutions