SAA-C03 Question #31: Real Exam Question with Answer & Explanation
The correct answer is A: Create a gateway endpoint for Amazon S3 that is attached to the VPC. Update the IAM instance
Question
A company hosts its application on several Amazon EC2 instances inside a VPC. The company creates a dedicated Amazon S3 bucket for each customer to store their relevant information in Amazon S3. The company wants to ensure that the application running on EC2 instances can securely access only the S3 buckets that belong to the company's AWS account. Which solution will meet these requirements with the LEAST operational overhead?
Options
- A. Create a gateway endpoint for Amazon S3 that is attached to the VPC. Update the IAM instance
- B. Create a NAT gateway in a public subnet with a security group that allows access to only Amazon
- C. Create a gateway endpoint for Amazon S3 that is attached to the VPC. Update the IAM instance
- D. Create a NAT Gateway in a public subnet. Update route tables to use the NAT Gateway. Assign
Explanation
The company needs EC2 instances within a VPC to securely access only their S3 buckets without traversing the public internet, minimizing operational overhead.
Common mistakes.
- B. A NAT Gateway routes traffic to the public internet, which is not necessary for internal S3 access via a gateway endpoint and would incur higher costs and more complex security group management.
Concept tested. S3 Gateway Endpoints for secure, private access
Reference. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html