AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
An application runs in three isolated (private, no internet) subnets of a VPC. The instances reach Amazon S3 through a NAT gateway in a public subnet, generating high data-processing charges. You must ensure the instances continue to reach S3 but no longer traverse the NAT gateway, without exposing them to the internet. Which change to the route tables meets these requirements?
Create an interface VPC endpoint for Amazon S3 and update the instances' hosts files to resolve the endpoint's DNS name.
Add a route with the S3 prefix list destination that targets a newly created S3 gateway endpoint in the route table associated with the isolated subnets.
Replace the NAT gateway with an egress-only internet gateway and add a ::/0 IPv6 default route in the existing route tables.
Associate the isolated subnets with the public route table that already has a 0.0.0.0/0 route to the internet gateway.
Creating a gateway VPC endpoint for Amazon S3 and adding its route to the isolated subnets' route table directs all S3 traffic to the endpoint. The route entry uses the AWS-provided S3 prefix list as the destination and the endpoint ID as the target. Because this route is more specific than the 0.0.0.0/0 NAT route, only S3 traffic is redirected, eliminating NAT data-processing charges while maintaining private connectivity. Pointing the subnets to an internet gateway would expose them publicly. Using an interface endpoint is unnecessary for S3 object access and incurs additional hourly and data charges. An egress-only internet gateway handles only IPv6 traffic and still sends traffic over the public internet, failing to meet the requirement.
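The route selection described in the explanation, as an added example that is not part of the original question: a small longest-prefix-match model of the isolated subnets' route table before and after the gateway endpoint route is added, plus an audit helper that flags S3 addresses still leaving through the NAT gateway. The prefix-list CIDRs, the `pl-EXAMPLE`, `vpce-EXAMPLE` and `nat-EXAMPLE` IDs, and the function names are constructed placeholders, not real AWS values.

```python
import ipaddress

# Constructed sample data: the CIDRs and IDs below are placeholders,
# not real AWS values. The real S3 prefix list is managed by AWS.
S3_PREFIX_LIST = {"pl-EXAMPLE": ["198.51.100.0/24", "203.0.113.0/24"]}

# Route table of the isolated subnets before and after the change.
BEFORE = [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-EXAMPLE")]
AFTER = BEFORE + [("pl-EXAMPLE", "vpce-EXAMPLE")]


def expand(routes, prefix_lists):
    """Flatten a route table: a prefix-list destination becomes one entry per CIDR."""
    flat = []
    for dest, target in routes:
        for cidr in prefix_lists.get(dest, [dest]):
            flat.append((ipaddress.ip_network(cidr), target))
    return flat


def next_hop(routes, prefix_lists, dst_ip):
    """Return the target of the most specific (longest-prefix) matching route."""
    ip = ipaddress.ip_address(dst_ip)
    matches = [(net, tgt) for net, tgt in expand(routes, prefix_lists) if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def audit(routes, prefix_lists, s3_ips):
    """List S3 addresses whose traffic would not use a gateway endpoint."""
    return [ip for ip in s3_ips
            if not str(next_hop(routes, prefix_lists, ip)).startswith("vpce-")]


if __name__ == "__main__":
    for ip in ("198.51.100.10", "192.0.2.5", "10.0.1.5"):
        print(ip, next_hop(BEFORE, S3_PREFIX_LIST, ip), "->",
              next_hop(AFTER, S3_PREFIX_LIST, ip))
```

Only destinations inside the prefix list change target; everything else keeps following the 0.0.0.0/0 route to the NAT gateway.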
Networking and Content Delivery