
SOA-C02 Question #623: Real Exam Question with Answer & Explanation

The correct answer is C: Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3.

Submitted by omar99 · Mar 30, 2026

Question

A SysOps administrator configures an Amazon S3 gateway endpoint in a VPC. The private subnets inside the VPC do not have outbound internet access. A user logs in to an Amazon EC2 instance in one of the private subnets and cannot upload a file to an Amazon S3 bucket in the same AWS Region. Which solution will solve this problem?

Options

  • A. Update the EC2 instance role policy to include s3:PutObject access to the target S3 bucket.
  • B. Update the EC2 security group to allow outbound traffic to 0.0.0.0/0 for port 80.
  • C. Update the EC2 subnet route table to include the S3 prefix list destination routes to the S3
  • D. Update the S3 bucket policy to allow s3:PutObject access from the private subnet CIDR block.

Explanation

When using an S3 gateway endpoint, it is essential to update the VPC's subnet route tables with a route that directs traffic destined for Amazon S3 to the endpoint using the S3 prefix list. Without this route, the traffic from the private subnet might not reach S3 since the subnets lack outbound internet access. Adjusting the route table ensures that all S3-bound traffic is correctly routed via the gateway endpoint.
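
The check described above, as an added example that is not part of the original page: Python that reads JSON shaped like `aws ec2 describe-route-tables` output and reports whether a subnet's effective route table has an active route from the S3 prefix list to a gateway endpoint. The sample data and every resource ID (`rtb-`, `subnet-`, `vpce-`, `pl-`) are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-route-tables` output.
# Every ID below is a made-up placeholder, not a real resource.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-main0000",
   "Associations": [{"Main": true}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
  {"RouteTableId": "rtb-priv0001",
   "Associations": [{"Main": false, "SubnetId": "subnet-aaaa1111"}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-EXAMPLE", "State": "active"}]}
]}
""")

def effective_route_table(route_tables, subnet_id):
    """An explicit subnet association wins; otherwise the VPC main table applies."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def has_s3_endpoint_route(rt, s3_prefix_list_id):
    """True if an active route sends the given prefix list to a VPC endpoint."""
    return any(r.get("DestinationPrefixListId") == s3_prefix_list_id
               and r.get("GatewayId", "").startswith("vpce-")
               and r.get("State") == "active"
               for r in rt.get("Routes", []))

def check_subnet(doc, subnet_id, s3_prefix_list_id):
    """Return (route table id, whether the S3 gateway endpoint route is present)."""
    rt = effective_route_table(doc["RouteTables"], subnet_id)
    if rt is None:
        return (None, False)
    return (rt["RouteTableId"], has_s3_endpoint_route(rt, s3_prefix_list_id))

if __name__ == "__main__":
    # subnet-bbbb2222 has no explicit association, so it falls back to the
    # main table, which lacks the endpoint route: the failure in the question.
    for subnet in ("subnet-aaaa1111", "subnet-bbbb2222"):
        print(subnet, check_subnet(SAMPLE, subnet, "pl-EXAMPLE"))
```

The prefix list ID passed in must be the Region's S3 prefix list, which `aws ec2 describe-prefix-lists` returns.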
