Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 304 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C02

Question #: 304
Topic #: 1

[All AWS Certified Solutions Architect - Associate SAA-C02 Questions]

A company's website hosted on Amazon EC2 instances processes classified data stored in Amazon S3. Due to security concerns, the company requires a private and secure connection between its EC2 resources and Amazon S3.
Which solution meets these requirements?

A. Set up S3 bucket policies to allow access from a VPC endpoint.
B. Set up an IAM policy to grant read-write access to the S3 bucket.
C. Set up a NAT gateway to access resources outside the private subnet.
D. Set up an access key ID and a secret access key to access the S3 bucket.

Show Suggested Answer

Suggested Answer: A 🗳️
Reference:
https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-overview.html

by toto059 at Feb. 2, 2021, 1:14 p.m.

Disclaimers:

- ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Submit Cancel

DrCloud

Highly Voted 3 years, 7 months ago

Ans: A https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies-vpc-endpoint.html

upvoted 26 times

dave0808

3 years, 6 months ago

A, for sure: "Consider VPC endpoints for Amazon S3 access A VPC endpoint for Amazon S3 is a logical entity within an virtual private cloud (VPC) that allows connectivity only to Amazon S3. You can use Amazon S3 bucket policies to control access to buckets from specific VPC endpoints, or specific VPCs. A VPC endpoint can help prevent traffic from potentially traversing the open internet and being subject to open internet environment."

upvoted 22 times