A company is using AWS to run a long-running analysis process on data that is stored in Amazon S3 buckets. The process runs on a fleet of Amazon EC2 instances that are in an Auto Scaling group. The EC2 instances are deployed in a private subnet of a VPC that does not have internet access. The EC2 instances and the S3 buckets are in the same AWS account.
The EC2 instances access the S3 buckets through an S3 gateway endpoint that has the default access policy. Each EC2 instance is associated with an instance profile role that has a policy that explicitly allows the s3:GetObject action and the s3:PutObject action for only the required S3 buckets.
The company learns that one or more of the EC2 instances are compromised and are exfiltrating data to an S3 bucket that is outside the company's organization in AWS Organizations. A security engineer must implement a solution to stop this exfiltration of data and to keep the EC2 processing job functional.
Which solution will meet these requirements?
kejam
Highly Voted 8 months, 2 weeks agoNoCrapEva
5 months, 2 weeks agoAgboolaKun
8 months, 2 weeks agoRaphaello
5 months, 1 week ago100fold
Highly Voted 9 months, 1 week agoicecool36
Most Recent 2 months, 2 weeks ago9bb8cb3
3 months agoion_gee
3 months, 3 weeks agoNoexperience
4 months, 3 weeks agobkbaws
4 months, 4 weeks agoRaphaello
5 months, 2 weeks agoLazyAutonomy
5 months, 3 weeks agoLazyAutonomy
5 months, 3 weeks agomark16dc
5 months, 3 weeks agoRNan
6 months, 3 weeks agoDaniel76
6 months, 3 weeks agoDebbieB67
7 months agoyorkicurke
7 months, 1 week agoOralinux
7 months, 1 week ago1c7c461
7 months, 2 weeks agoWeepingMaplte
7 months, 2 weeks ago