AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A team is building a workflow orchestration solution that uses AWS Step Functions to coordinate multiple AWS Lambda functions. All Lambda functions run in private subnets of a VPC that currently has no internet gateway, NAT gateway, or VPN. During execution, the functions must routinely:
Upload and download several terabytes of data per day from Amazon S3 buckets in the same AWS Region.
Send StartExecution, SendTaskHeartbeat, and DescribeExecution calls to Step Functions APIs.
The architects must keep all traffic on the AWS global network path, avoid adding managed NAT gateways, and minimize ongoing data-processing charges.
Which solution meets these requirements with the lowest ongoing data-processing cost?
Create a gateway VPC endpoint for Amazon S3 and an interface VPC endpoint for AWS Step Functions in the application VPC. Associate the gateway endpoint with the private-subnet route tables and enable Private DNS on the interface endpoint.
Create interface VPC endpoints for both Amazon S3 and AWS Step Functions in the application VPC and enable Private DNS on each endpoint.
Deploy a managed NAT gateway in each Availability Zone and route S3 and Step Functions traffic to the services' public endpoints through the NAT gateways.
Attach the VPC to an AWS Transit Gateway that connects to a shared services VPC containing a single interface VPC endpoint for Amazon S3 and AWS Step Functions.
Amazon S3 can be accessed through either a gateway VPC endpoint or an interface VPC endpoint. Gateway endpoints carry no hourly or per-GB data-processing charge, while interface endpoints incur both. Only Amazon S3 and DynamoDB support gateway endpoints; every other AWS service, including AWS Step Functions, requires an interface endpoint for private connectivity. Provisioning a gateway endpoint for S3 therefore avoids both NAT charges and interface-endpoint data-processing fees for the high-volume S3 transfers, while an interface VPC endpoint for Step Functions keeps the workflow API calls inside the AWS network without an internet gateway. The alternatives, interface endpoints for S3, NAT gateways, or a centralized Transit Gateway, all add hourly and per-GB processing costs that the requirement explicitly seeks to avoid.
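The two endpoints from the correct answer, expressed as boto3 `create_vpc_endpoint` requests with least-privilege endpoint policies (the S3 gateway endpoint restricted to the workflow buckets, the Step Functions interface endpoint restricted to the three API actions the question names), plus a post-deployment check that the S3 gateway route actually landed in a private-subnet route table. This is an added example, not part of the question or its explanation; the region, VPC/subnet/security-group/route-table ids, bucket and state machine ARNs, and the prefix-list id are all placeholders.

```python
"""Provision the answer's endpoints: S3 gateway (free of per-GB charges) and
Step Functions interface with Private DNS, each with a scoped endpoint policy.
All identifiers below are placeholders, not values from the question."""
import json

REGION = "us-east-1"  # placeholder; the question only requires "the same Region"
S3_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:ListBucket"]
SFN_SCOPED_ACTIONS = ["states:StartExecution", "states:DescribeExecution"]


def s3_gateway_endpoint_request(vpc_id, route_table_ids, bucket_arns, region=REGION):
    """kwargs for ec2.create_vpc_endpoint(): a *Gateway* endpoint for S3.
    Gateway endpoints attach to route tables, not subnets, and have no
    PrivateDnsEnabled flag. The policy limits which buckets are reachable
    through the VPC, so a compromised function cannot write to arbitrary ones."""
    buckets = list(bucket_arns)
    policy = {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowWorkflowBucketsOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": S3_ACTIONS,
            "Resource": buckets + [f"{arn}/*" for arn in buckets],
        }],
    }
    return {
        "VpcEndpointType": "Gateway",
        "VpcId": vpc_id,
        "ServiceName": f"com.amazonaws.{region}.s3",
        "RouteTableIds": list(route_table_ids),
        "PolicyDocument": json.dumps(policy),
    }


def sfn_interface_endpoint_request(vpc_id, subnet_ids, security_group_ids,
                                   state_machine_arns, region=REGION):
    """kwargs for ec2.create_vpc_endpoint(): an *Interface* endpoint for Step
    Functions (service name 'states') with Private DNS, so the SDK's default
    states.<region>.amazonaws.com hostname resolves to the endpoint ENIs.
    StartExecution/DescribeExecution are scoped to the given state machines and
    their executions; SendTaskHeartbeat has no resource-level permissions in
    IAM, so it gets its own statement on '*'."""
    machines = list(state_machine_arns)
    # arn:...:stateMachine:NAME -> arn:...:execution:NAME:* (execution ARNs)
    executions = [arn.replace(":stateMachine:", ":execution:") + ":*" for arn in machines]
    policy = {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ScopedWorkflowCalls", "Effect": "Allow", "Principal": "*",
             "Action": SFN_SCOPED_ACTIONS, "Resource": machines + executions},
            {"Sid": "HeartbeatHasNoResourceScope", "Effect": "Allow", "Principal": "*",
             "Action": "states:SendTaskHeartbeat", "Resource": "*"},
        ],
    }
    return {
        "VpcEndpointType": "Interface",
        "VpcId": vpc_id,
        "ServiceName": f"com.amazonaws.{region}.states",
        "SubnetIds": list(subnet_ids),
        "SecurityGroupIds": list(security_group_ids),
        "PrivateDnsEnabled": True,
        "PolicyDocument": json.dumps(policy),
    }


def endpoint_policy(request):
    """Parse the PolicyDocument back out of a request for review."""
    return json.loads(request["PolicyDocument"])


def gateway_route_present(route_table, s3_prefix_list_id):
    """Check one entry from ec2.describe_route_tables(): after association the
    gateway endpoint appears as an active route to the S3 managed prefix list
    targeting a vpce-* id. Without it, that subnet has no private path to S3."""
    return any(
        r.get("DestinationPrefixListId") == s3_prefix_list_id
        and r.get("GatewayId", "").startswith("vpce-")
        and r.get("State") == "active"
        for r in route_table.get("Routes", [])
    )


# Constructed sample of a describe_route_tables() entry after association
SAMPLE_ROUTE_TABLE = {
    "RouteTableId": "rtb-0aaa111",  # placeholder
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationPrefixListId": "pl-0000s3example",  # placeholder prefix-list id
         "GatewayId": "vpce-0bbb222", "State": "active"},
    ],
}

if __name__ == "__main__":
    import boto3  # only needed to actually create the endpoints
    ec2 = boto3.client("ec2", region_name=REGION)
    s3_req = s3_gateway_endpoint_request("vpc-placeholder", ["rtb-placeholder"],
                                         ["arn:aws:s3:::workflow-data-placeholder"])
    sfn_req = sfn_interface_endpoint_request(
        "vpc-placeholder", ["subnet-placeholder-a", "subnet-placeholder-b"], ["sg-placeholder"],
        ["arn:aws:states:us-east-1:123456789012:stateMachine:WorkflowPlaceholder"])
    for req in (s3_req, sfn_req):
        print(ec2.create_vpc_endpoint(**req)["VpcEndpoint"]["VpcEndpointId"])
```

The interface endpoint's security group still needs an inbound HTTPS (443) rule from the Lambda functions' security group or subnet CIDRs, and the gateway endpoint only takes effect for subnets whose route table is in `RouteTableIds`, which is what `gateway_route_present` verifies per table.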
AWS Certified Solutions Architect Professional SAP-C02
Design Solutions for Organizational Complexity