SCS-C02 Question #242: Real Exam Question with Answer & Explanation
The correct answer is D: Limit all actions in the S3 bucket policies by using the aws:SourceVpc condition key with the
Question
A company runs workloads on Amazon EC2 instances in VPCs. The EC2 instances make requests to Amazon S3 buckets through VPC endpoints. The company uses AWS Organizations to manage its AWS accounts. The company needs the requests from the EC2 instances to originate from the same VPC that the EC2 instance credentials were issued to. Which solution will meet this requirement?
Options
- A. Deploy an SCP that includes the S3:* action with the "aws:SourceVpc": "S
- B. Edit the VPC endpoints to include the S3:* action with the "aws:
- C. Limit all actions in the S3 bucket policies by using the aws:SourceVpce condition key with the
- D. Limit all actions in the S3 bucket policies by using the aws:SourceVpc condition key with the
Explanation
To ensure that requests from EC2 instances to Amazon S3 originate from the same VPC where the EC2 instance credentials were issued, you can use the aws:SourceVpc condition key in the S3 bucket policy. This condition ensures that only requests originating from the specified VPC ID are allowed to access the S3 bucket. Using the aws:SourceVpc condition in the bucket policy effectively limits access to S3 from EC2 instances within the allowed VPC, meeting the requirement for ensuring that requests are made from the same VPC.
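The bucket policy the explanation describes, as an added example that is not part of the original page: it builds a Deny statement keyed on aws:SourceVpc and runs a simplified model of the condition check over constructed request contexts. The bucket name, VPC IDs and the `is_denied` helper are assumptions made for illustration; the helper models only `StringNotEquals`, not the full IAM evaluation logic.

```python
import json

BUCKET = "example-bucket"          # constructed placeholder
VPC_ID = "vpc-0123456789abcdef0"   # constructed placeholder


def vpc_only_bucket_policy(bucket: str, vpc_id: str) -> dict:
    """Bucket policy that denies every S3 action unless aws:SourceVpc matches."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyUnlessFromVpc",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringNotEquals": {"aws:SourceVpc": vpc_id}},
        }],
    }


def is_denied(policy: dict, context: dict) -> bool:
    """Hypothetical, simplified check of the Deny condition against a request context.

    As in IAM, a negated operator such as StringNotEquals is true when the
    key is missing from the request, so traffic that does not arrive through
    a VPC endpoint (and therefore carries no aws:SourceVpc) is denied too.
    """
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        wanted = stmt["Condition"]["StringNotEquals"]
        if all(context.get(key) != value for key, value in wanted.items()):
            return True
    return False


POLICY = vpc_only_bucket_policy(BUCKET, VPC_ID)

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    samples = {  # constructed request contexts
        "allowed VPC via endpoint": {"aws:SourceVpc": VPC_ID},
        "different VPC via endpoint": {"aws:SourceVpc": "vpc-0fedcba9876543210"},
        "no VPC endpoint (key absent)": {},
    }
    for name, ctx in samples.items():
        print(f"{name}: {'DENY' if is_denied(POLICY, ctx) else 'not denied'}")
```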