ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Data Engineer - Associate DEA-C01 All Questions

View all questions & answers for the AWS Certified Data Engineer - Associate DEA-C01 exam
Go to Exam

Exam AWS Certified Data Engineer - Associate DEA-C01 topic 1 question 1 discussion

Exam question from Amazon's AWS Certified Data Engineer - Associate DEA-C01
Question #: 1
Topic #: 1
[All AWS Certified Data Engineer - Associate DEA-C01 Questions]

A data engineer is configuring an AWS Glue job to read data from an Amazon S3 bucket. The data engineer has set up the necessary AWS Glue connection details and an associated IAM role. However, when the data engineer attempts to run the AWS Glue job, the data engineer receives an error message that indicates that there are problems with the Amazon S3 VPC gateway endpoint.
The data engineer must resolve the error and connect the AWS Glue job to the S3 bucket.
Which solution will meet this requirement?

  • A. Update the AWS Glue security group to allow inbound traffic from the Amazon S3 VPC gateway endpoint.
  • B. Configure an S3 bucket policy to explicitly grant the AWS Glue job permissions to access the S3 bucket.
  • C. Review the AWS Glue job code to ensure that the AWS Glue connection details include a fully qualified domain name.
  • D. Verify that the VPC's route table includes inbound and outbound routes for the Amazon S3 VPC gateway endpoint.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Aesthet at Feb. 6, 2024, 12:05 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
HunkyBunky
Highly Voted 7 months, 1 week ago
Selected Answer: D
A - wrong - AWS glue - are serverless service, so it don't have any security groups B - wrong - Because we have error with VPC, not with S3 itself C - wrong - Becuase with S3 - we always have only FQDN for buckets
upvoted 6 times
alexbg88
9 months, 3 weeks ago
they most certainly can have SGs.
upvoted 1 times
...
...
ninomfr64
Most Recent 3 weeks, 5 days ago
Selected Answer: D
A- NO: on SG we just need to allow outbound traffic, as SG i statefull reurn traffic is allowed B - NO: since we configured IAM permission for Glue Job, there is no need to configure a resource-policy (cross account is not mentioned) C- NO: in bucket connection configuration you just need to provide s3://bucket-name/prefix D - YES: although there is no inbound and outbound routes in route table, we need to ensure a route is in place to reach a the VPC Gateway Policy
upvoted 1 times
...
MephiboshethGumani
2 months, 1 week ago
Selected Answer: D
D. Verify that the VPC's route table includes inbound and outbound routes for the Amazon S3 VPC gateway endpoint. Explanation: AWS Glue jobs need to connect to the S3 bucket through the Amazon S3 VPC gateway endpoint when they are in a VPC. If the route table does not have proper inbound and outbound routes to the S3 VPC gateway endpoint, the AWS Glue job will not be able to access S3, which results in an error.
upvoted 1 times
...
wilsonfromnyc9
7 months, 1 week ago
D is valid
upvoted 1 times
...
GiorgioGss
7 months, 1 week ago
Selected Answer: D
Although there is no such thing as "inbound and outbound routes" when we talk about VPC route table, when we define a S3 gateway endpoint we must have proper routes in place. I will go with D.
upvoted 4 times
...
ampersandor
7 months, 2 weeks ago
Selected Answer: D
Be sure that the subnet configured for your AWS Glue connection has an Amazon S3 VPC gateway endpoint or a route to a NAT gateway in the subnet's route table.
upvoted 2 times
...
GZMartinelli
7 months, 4 weeks ago
Selected Answer: D
D is correct
upvoted 1 times
...
lunachi4
9 months, 2 weeks ago
Selected Answer: D
I think D. We check "VPC's route table"
upvoted 1 times
...
teo2157
10 months ago
Selected Answer: C
A - wrong - AWS glue doesn't have any security groups B - wrong - You can´t give permissions in the S3 to the AWS glue job but to the role D. wrong because there has to be a definend route for the S3 gateway endpoint in the subnet assigned to the glue job but not in the VPC's route table and also route tables doesn´t have inbound and outbound routes.
upvoted 1 times
shammous
7 months, 4 weeks ago
"route tables don´t have inbound and outbound routes."? It does. You need to check how the VPC works in AWS.
upvoted 2 times
...
...
nanaw770
11 months ago
Selected Answer: D
D is correct answer.
upvoted 2 times
...
tgv
11 months, 1 week ago
I will go with D, the other options don't seem to be related.
upvoted 1 times
...
VerRi
11 months, 2 weeks ago
Selected Answer: D
"problems with the Amazon S3 VPC gateway endpoint"
upvoted 2 times
...
damaldon
1 year, 2 months ago
Go with A: If you receive an error, check the following: The correct privileges are provided to the role selected. The correct Amazon S3 bucket is provided. The security groups and Network ACL allow the required incoming and outgoing traffic. The VPC you specified is connected to an Amazon S3 VPC endpoint.
upvoted 1 times
...
Aesthet
1 year, 2 months ago
some relevant info: main: https://docs.aws.amazon.com/glue/latest/dg/connection-VPC-disable-proxy.html additional (glue crawler instead of glue job here, but I think this is relevant for both): https://docs.aws.amazon.com/glue/latest/dg/connection-S3-VPC.html
upvoted 2 times
...
Aesthet
1 year, 2 months ago
Both ChatGPT and I agree with D
upvoted 4 times
DevoteamAnalytix
1 year ago
:-)) nice
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago