An application runs on Amazon EC2 instances in private subnets and needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring traffic does not leave the AWS network?
Choose an answer
Tap an option to check your answer.
Correct answer: Use a VPC endpoint for DynamoDB..
Why this is the answer
A VPC endpoint for DynamoDB is the most secure and efficient solution. It allows EC2 instances in private subnets to connect directly to DynamoDB without traversing the public internet, keeping traffic within the AWS network. This enhances security and reduces latency. Using a NAT Gateway or NAT instance would allow instances in private subnets to access DynamoDB, but this traffic would route through the public internet (even if within AWS's backbone), which is less secure than a direct VPC endpoint. The internet gateway is used for instances in public subnets to access the internet directly, or for private instances to access the internet via a NAT device, which is not the most secure or direct method for accessing DynamoDB from a private subnet.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed