Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 20 discussion

B Gateway Endpoint https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-s3.html

Can't be interface endpoint as there is no interface endpoint for S3 or DynamoDB. Gateway endpoint is only applicable for S3 and Dynamo DB.

Answer B , S3 gateway Endpoint. Clue - VPC gateway endpoint are used to connect any service without internet. Gateway endpoints are cheaper. S3 Interface endpoint can be used, but they are costly and they give more flexibility like connecting to multiple services which is not desired here.

An S3 interface endpoint allows EC2 instances in your VPC to communicate with S3 without needing to traverse the internet. Instead, traffic flows through the AWS network backbone. This helps maintain security by keeping the traffic within the AWS network and not exposing it to the public internet. Therefore, option A is the correct choice.

Option A https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3

gateway endpoint is the solution when need to connect with in the VPC and interface endpoint from om-premise or outside.

A interface endpoint is right

A. Configure an S3 interface endpoint. By configuring an S3 interface endpoint, you can establish a private connection between your VPC and Amazon S3 without requiring internet access. The S3 interface endpoint enables the EC2 instances within the VPC to communicate with Amazon S3 securely and efficiently, using private IP addresses. This ensures that the traffic stays within the VPC and does not traverse the internet, aligning with the company’s security policies.

You can use two types of VPC endpoints to access Amazon S3: gateway endpoints and interface endpoints (using AWS PrivateLink). A gateway endpoint is a gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network. Interface endpoints extend the functionality of gateway endpoints by using private IP addresses to route requests to Amazon S3 from within your VPC, on premises, or from a VPC in another AWS Region https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3

Should be B. In the definition of gateway endpoint, it says "A gateway endpoint is a gateway that you specify in your route table to access Amazon S3 from your VPC over the AWS network." So although public ip address, still over AWS network.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3

Amazon S3 intrface Use Amazon S3 Gateway public IP addresses Use private IP addresses from your VPC to access Amazon S3 intrface

The correct answer is A Interface Endpoint. Gateway Load Balancer endpoint is used to load balance traffic sent to nextgen firewall, WAF, IDS or IPS appliances. https://www.youtube.com/watch?v=5EVDX_9Vucc

B is correct

A is correct. Gateway endpoints for Amazon S3 = Use Amazon S3 public IP addresses. | Interface endpoints for Amazon S3= Use private IP addresses from your VPC to access Amazon S3.

B is the correct answer

Use Gateway Endpoint if the AWS service is either DynamoDB or S3. Use Interface Endpoint for everything else.