Exam AWS Certified Developer - Associate DVA-C02 topic 1 question 152 discussion

A company has multiple Amazon VPC endpoints in the same VPC. A developer needs to configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints.

Which solution will meet these requirements?

  • A. Create multiple S3 bucket policies by using each VPC endpoint ID that have the aws:SourceVpce value in the StringNotEquals condition.
  • B. Create a single S3 bucket policy that has the aws:SourceVpc value and in the StringNotEquals condition to use VPC ID.
  • C. Create a single S3 bucket policy that has the aws:SourceVpce value and in the StringNotEquals condition to use vpce*.
  • D. Create a single S3 bucket policy that has multiple aws:sourceVpce value in the StringNotEquals condition. Repeat for all the VPC endpoint IDs.
Suggested Answer: D

Comments

CrescentShared
Highly Voted 1 year, 5 months ago
I don't think any of the options is correct. Seriously StringNotEquals not StringEquals?
upvoted 7 times
shake76
1 year, 4 months ago
I think the same "A developer needs to configure an Amazon S3 bucket policy so users can access an S3 bucket only by using these VPC endpoints"
upvoted 1 times
vipyodha
1 year, 1 month ago
StringNotEqual is for the deny of other than mentioned vpce.
{
  "Version": "2012-10-17",
  "Id": "Policy1415115909152",
  "Statement": [
    {
      "Sid": "Access-to-specific-VPCE-only",
      "Principal": "*",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::awsexamplebucket1", "arn:aws:s3:::awsexamplebucket1/*"],
      "Condition": {
        "StringNotEquals": { "aws:SourceVpce": "vpce-1a2b3c4d" }
      }
    }
  ]
}
upvoted 2 times
examtopics111
9 months, 1 week ago
for bucket policy, if vpce isn't explicitly allowed, it's by default denied anyway so it should have been allow string equal vpce?
upvoted 1 times
dilleman
Highly Voted 1 year, 6 months ago
Selected Answer: D
C works as well, but it is a broad solution. I think it's better practice to use D and specify the exact endpoints that the user can access from. "aws:sourceVpce": ["vpce-id1", "vpce-id2", "..."]
upvoted 7 times
albert_kuo
Most Recent 7 months, 1 week ago
Selected Answer: D
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAccessIfNotFromSpecificVPCEndpoints",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::your-bucket-name",
        "arn:aws:s3:::your-bucket-name/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": [
            "vpce-0123456789abcdef0",
            "vpce-0fedcba9876543210",
            "vpce-0a1b2c3d4e5f6a7b8"
          ]
        }
      }
    }
  ]
}
upvoted 3 times
65703c1
11 months, 2 weeks ago
Selected Answer: D
D is the correct answer.
upvoted 1 times
KarBiswa
1 year, 2 months ago
Selected Answer: D
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html typically explained the same scenario. D beyond doubt.
upvoted 2 times
joshnort
1 year, 3 months ago
Selected Answer: D
D, based on the following documentation: https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html#example-bucket-policies-restrict-accesss-vpc-endpoint
upvoted 1 times
CrescentShared
1 year, 3 months ago
Why it's StringNotEquals instead of StringEquals? Is the question wrong or my English is too bad to understand this?
upvoted 2 times
vipyodha
1 year, 1 month ago
It is StringNotEqual, means if source vpce is not this then deny access
{
  "Version": "2012-10-17",
  "Id": "Policy1415115909152",
  "Statement": [
    {
      "Sid": "Access-to-specific-VPCE-only",
      "Principal": "*",
      "Action": "s3:*",
      "Effect": "Deny",
      "Resource": ["arn:aws:s3:::awsexamplebucket1", "arn:aws:s3:::awsexamplebucket1/*"],
      "Condition": {
        "StringNotEquals": { "aws:SourceVpce": "vpce-1a2b3c4d" }
      }
    }
  ]
}
upvoted 3 times
SerialiDr
1 year, 3 months ago
Selected Answer: D
This option is the closest to being correct, but it should use StringEquals instead of StringNotEquals. The correct approach is to use a single S3 bucket policy with a condition that includes aws:SourceVpce with StringEquals for the specific VPC endpoint IDs. This will ensure that access is allowed only from those specified endpoints.
upvoted 2 times
rrshah83
1 year, 4 months ago
Selected Answer: B
https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies-vpc-endpoint.html#example-bucket-policies-restrict-access-vpc
upvoted 2 times
Certified101
1 year, 4 months ago
Selected Answer: D
D is correct
upvoted 1 times
PrakashM14
1 year, 6 months ago
Selected Answer: D
in option C: "Condition": { "StringNotEqualsIfExists": { "aws:sourceVpce": "vpce*" } } it might Deny access from all VPC endpoints. so the ans is D
upvoted 2 times
ekutas
1 year, 6 months ago
D says "aws:sourceVpce value in the StringNotEquals condition". StringNotEquals won't work, it denies access for specified VPC ids
upvoted 1 times
ekutas
1 year, 6 months ago
Of course if we use "Effect": "Allow"))
upvoted 2 times
Digo30sp
1 year, 6 months ago
Selected Answer: C
The correct answer is (C). Solution (C) is the simplest and will meet the company's requirements. It creates a single S3 bucket policy that has the value aws:SourceVpce and the StringNotEquals condition to use vpce*. This will only allow users who are using a VPC endpoint in the same VPC to access the S3 bucket.
upvoted 1 times
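Added example (not from the thread or from AWS): a simplified Python model of how a request from a caller in the bucket's own account is decided, comparing the Deny + StringNotEquals policy of option D, an Allow + StringEquals policy, and option C's "vpce*" value. The function names and endpoint IDs are constructed for illustration; the model covers only the aws:SourceVpce condition and assumes explicit Deny overrides any Allow and that an identity-policy Allow is enough for same-account access.

```python
# Simplified model of S3 authorization for a same-account caller (added example).
# Endpoint IDs are constructed sample values, not real resources.
ENDPOINTS = ["vpce-0123456789abcdef0", "vpce-0fedcba9876543210"]

def condition_matches(operator, values, ctx):
    """Evaluate one aws:SourceVpce condition against the request context."""
    value = ctx.get("aws:SourceVpce")   # key is absent when no endpoint is used
    values = [values] if isinstance(values, str) else values
    if operator == "StringEquals":
        return value is not None and value in values
    if operator == "StringNotEquals":
        # Negated operator: true if the key is absent or equals none of the values.
        # The comparison is exact, so "vpce*" is a literal, not a wildcard.
        return value is None or value not in values
    raise ValueError(f"unsupported operator: {operator}")

def decide(bucket_statements, identity_allows, ctx):
    """Explicit Deny wins; otherwise any Allow grants; otherwise implicit deny."""
    effects = [s["Effect"] for s in bucket_statements
               if condition_matches(s["Operator"], s["Values"], ctx)]
    if "Deny" in effects:
        return "Deny"
    if "Allow" in effects or identity_allows:
        return "Allow"
    return "Deny"

OPTION_D = [{"Effect": "Deny", "Operator": "StringNotEquals", "Values": ENDPOINTS}]
ALLOW_EQUALS = [{"Effect": "Allow", "Operator": "StringEquals", "Values": ENDPOINTS}]
OPTION_C = [{"Effect": "Deny", "Operator": "StringNotEquals", "Values": "vpce*"}]

def run_cases():
    listed = {"aws:SourceVpce": ENDPOINTS[1]}
    unlisted = {"aws:SourceVpce": "vpce-0a1b2c3d4e5f6a7b8"}
    no_endpoint = {}
    return {
        # Option D: only the listed endpoints get through, even for IAM-allowed users.
        "D/listed": decide(OPTION_D, True, listed),
        "D/unlisted": decide(OPTION_D, True, unlisted),
        "D/no endpoint": decide(OPTION_D, True, no_endpoint),
        # Allow + StringEquals alone: a user whose IAM policy allows S3 bypasses it.
        "allow-equals/no endpoint": decide(ALLOW_EQUALS, True, no_endpoint),
        # Option C: the literal "vpce*" never equals a real ID, so everything is denied.
        "C/listed": decide(OPTION_C, True, listed),
    }

if __name__ == "__main__":
    for case, result in run_cases().items():
        print(f"{case:28} {result}")
```

A wildcard match would need StringNotLike rather than StringNotEquals.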
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted