A company’s website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3. Which solution meets these requirements?
Choose an answer
Tap an option to check your answer.
Correct answer: Set up S3 bucket policies to allow access from a VPC endpoint..
Why this is the answer
The correct solution is to set up S3 bucket policies to allow access from a VPC endpoint. A VPC endpoint for S3 (specifically, a gateway endpoint) provides a private connection from your VPC to S3 without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect. This ensures that traffic between your EC2 instances and S3 remains within the AWS network, meeting the requirement for a private and secure connection. Setting up an IAM policy grants permissions but doesn't establish a private connection. A NAT gateway allows instances in a private subnet to connect to the internet or other AWS services over the public internet, which doesn't meet the private connection requirement. Using access keys provides authentication but also doesn't ensure a private network path.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed