A solutions architect needs to ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet. What should the solutions architect do to accomplish this? (Choose two.)
A. Create a route table entry for the endpoint.
B. Create a gateway endpoint for DynamoDB.
C. Create a new DynamoDB table that uses the endpoint.
D. Create an ENI for the endpoint in each of the subnets of the VPC.
E. Create a security group entry in the default security group to provide access.
You don't receive feedback per question, so you don't actually know if your answer to this question was correct. A is incorrect because when you create the gateway endpoint, the route entry is created automatically for you.
Answer A and B
Clue - a VPC gateway endpoint is the answer when you want to access the service within AWS without going to the internet. When you use a VPC gateway endpoint, you will have to create route table entries.
Ans should be AD
API Private Endpoint :
• Can only be accessed from your VPC using an interface VPC endpoint (ENI)
• Use a resource policy to define access
A gateway endpoint automatically creates the route entry. Interface endpoints - you select the subnets and the ENIs are created automatically. So the only logical answers are
To ensure that API calls to Amazon DynamoDB from Amazon EC2 instances in a VPC do not traverse the internet, a solutions architect can do the following:
Create an Amazon VPC endpoint for DynamoDB in the VPC using the Amazon VPC endpoint service.
Create a Route Table in the VPC, and add a rule to the Route Table that sends traffic destined to the Amazon DynamoDB service to the VPC endpoint.
Associate the Route Table with the subnets that contain the EC2 instances making API calls to DynamoDB.
This will ensure that all API calls to DynamoDB from the EC2 instances are routed through the VPC endpoint and do not traverse the internet, thereby maintaining the security and privacy of the data.
It seems that people misunderstand what the public IP of gateway endpoints means in this situation. It says traffic cannot traverse the internet, which is ensured by using gateway endpoints, which allow traffic within the AWS network only.
This is clear:
• Interface: provisions an ENI (private IP address) as an entry point (must attach a security group) – most AWS services
• Gateway: provisions a target and must be used in a route table – S3 and DynamoDB
Explanation:
Amazon DynamoDB and Amazon S3 support gateway endpoints, not interface endpoints. With a gateway endpoint you create the endpoint in the VPC, attach a policy allowing access to the service, and then specify the route table to create a route table entry in.
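The procedure above (create the gateway endpoint, attach a policy, make sure every subnet's route table carries the endpoint route) is easy to get half right: the endpoint exists, but a subnet that still uses the main route table, or one whose table only has a 0.0.0.0/0 route to an internet gateway, keeps sending DynamoDB calls out the front door. The following is an added example, not code from the original page or from AWS: it builds a least-privilege endpoint policy (only this account's principals, only the named tables) and audits a constructed `describe-route-tables` result for subnets that lack the prefix-list route to a `vpce-` target. The region, account id, prefix-list id, route-table ids and the sample JSON are all made up.

```python
"""Added example (not from the original page): generate a least-privilege policy
for a DynamoDB gateway endpoint and audit route tables for the endpoint route.
All IDs, the region and the sample describe-route-tables output are constructed."""
import json

REGION = "us-east-1"                                  # assumed region
DDB_SERVICE = f"com.amazonaws.{REGION}.dynamodb"      # --service-name for create-vpc-endpoint
# Assumed prefix-list id; the real one comes from:
#   aws ec2 describe-prefix-lists --filters Name=prefix-list-name,Values=com.amazonaws.us-east-1.dynamodb
DDB_PREFIX_LIST = "pl-0123456789abcdef0"


def endpoint_policy(account_id, table_arns, actions=None):
    """Policy for --policy-document.  Gateway endpoints require Principal "*", so the
    restriction comes from the Resource list and aws:PrincipalAccount: only principals
    of this account, only these tables, only these actions."""
    actions = actions or ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem",
                          "dynamodb:DeleteItem", "dynamodb:Query", "dynamodb:BatchWriteItem"]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "OnlyOurTablesFromOurAccount",
            "Effect": "Allow",
            "Principal": "*",
            "Action": actions,
            "Resource": sorted(table_arns),
            "Condition": {"StringEquals": {"aws:PrincipalAccount": account_id}},
        }],
    }


# Constructed sample shaped like `aws ec2 describe-route-tables --filters Name=vpc-id,Values=vpc-...`
SAMPLE_ROUTE_TABLES = {"RouteTables": [
    {"RouteTableId": "rtb-main0000000000000",            # VPC main table: local route only
     "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-privA000000000000",            # has the gateway-endpoint route
     "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationPrefixListId": DDB_PREFIX_LIST, "GatewayId": "vpce-0aaaaaaaaaaaaaaaa"}]},
    {"RouteTableId": "rtb-pubB0000000000000",            # public subnet, DynamoDB goes via the IGW
     "Associations": [{"Main": False, "SubnetId": "subnet-b"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0bbbbbbbbbbbbbbbb"}]},
]}
VPC_SUBNETS = ["subnet-a", "subnet-b", "subnet-c"]   # subnet-c has no explicit association


def route_table_for_subnet(route_tables, subnet_id):
    """An explicit association wins; otherwise the subnet uses the VPC's main route table."""
    main = None
    for rtb in route_tables["RouteTables"]:
        for assoc in rtb.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rtb
            if assoc.get("Main"):
                main = rtb
    return main


def has_endpoint_route(rtb, prefix_list_id):
    """True if a route sends the DynamoDB prefix list to a gateway endpoint (vpce-) target."""
    if rtb is None:
        return False
    return any(r.get("DestinationPrefixListId") == prefix_list_id
               and str(r.get("GatewayId", "")).startswith("vpce-")
               for r in rtb.get("Routes", []))


def subnets_missing_endpoint_route(route_tables, subnet_ids, prefix_list_id=DDB_PREFIX_LIST):
    """Subnets whose DynamoDB calls would still leave via an IGW/NAT (or fail) instead of the endpoint."""
    return [s for s in subnet_ids
            if not has_endpoint_route(route_table_for_subnet(route_tables, s), prefix_list_id)]


if __name__ == "__main__":
    arn = f"arn:aws:dynamodb:{REGION}:123456789012:table/Orders"
    print(json.dumps(endpoint_policy("123456789012", [arn]), indent=2))
    print("subnets without a DynamoDB endpoint route:",
          subnets_missing_endpoint_route(SAMPLE_ROUTE_TABLES, VPC_SUBNETS))
```

Run against the sample, the audit reports `subnet-b` and `subnet-c`. The fix for both is the one the explanation describes: pass their route tables in `--route-table-ids` on `aws ec2 create-vpc-endpoint --vpc-endpoint-type Gateway --service-name com.amazonaws.us-east-1.dynamodb --policy-document file://policy.json` (or `modify-vpc-endpoint --add-route-table-ids` for an existing endpoint), and the prefix-list route is added for you. Because that route is more specific than 0.0.0.0/0, it wins over an IGW or NAT route in the same table, so a public subnet is fine once it carries the endpoint route. Two things the question's option E hints at but gets wrong: no security-group entry on the endpoint exists for a gateway endpoint, but if the instance's security group restricts egress, it needs an outbound rule to the DynamoDB prefix list, and the VPC must have DNS support enabled so `dynamodb.<region>.amazonaws.com` still resolves.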