A company requires that all access from on-premises applications to AWS services go over its AWS Direct Connect connection rather than the public internet. How would a SysOps Administrator implement this requirement?
A. Implement an IAM policy that uses the aws:sourceConnection condition to allow access from the AWS Direct Connect connection ID only
B. Set up a public virtual interface on the AWS Direct Connect connection
C. Configure AWS Shield to protect the AWS Management Console from being accessed by IP addresses other than those within the data center ranges
D. Update all the VPC network ACLs to allow access from the data center IP ranges
It should be B. Please see https://aws.amazon.com/directconnect/faqs/
Through Direct Connect, customer traffic will remain in Amazon's backbone network after it enters it. Therefore, prefixes of CloudFront locations that are not on the Amazon backbone network will not be advertised through Direct Connect. You can also find more details about IP prefixes advertised on AWS Direct Connect public virtual interfaces here. You can also refer to this link to know more about Direct Connect routing policy.
Also https://forums.aws.amazon.com/ann.jspa?annID=2391
AWS Direct Connect is a dedicated network connection that provides a private and secure link between on-premises infrastructure and AWS services. To ensure that all access from on-premises applications routes through the Direct Connect connection, you need to set up a virtual interface specifically designed for this purpose.
By setting up a public virtual interface, you establish a direct connection to public AWS services. This virtual interface is then linked to the Direct Connect connection, allowing traffic from on-premises applications to flow through the Direct Connect connection and directly access public AWS services without traversing the public internet.
B is the correct answer
Public virtual interface: Access AWS services from your on-premises data center. Allow AWS services, or AWS customers access to your public networks over the interface instead of traversing the internet.
B is the right answer
https://aws.amazon.com/premiumsupport/knowledge-center/public-private-interface-dx/
AWS Direct Connect (DX) provides three types of virtual interfaces: public, private, and transit.
To connect to AWS resources that are reachable by a public IP address (such as an Amazon Simple Storage Service bucket) or AWS public endpoints, use a public virtual interface.
To connect to your resources hosted in an Amazon Virtual Private Cloud (Amazon VPC) using their private IP addresses, use a private virtual interface.
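A public virtual interface only carries traffic for the AWS public prefixes that AWS actually advertises to you over the VIF's BGP session; anything not covered by a received route still follows the data center's default route to the internet (the FAQ quoted above makes this point for CloudFront locations off the Amazon backbone). The check below is an added example, not code from the page or from AWS: it takes an excerpt in the layout of ip-ranges.json and the list of prefixes received from AWS over the public VIF, reports per service/region whether the ranges are covered, partially covered, or missing, and tells you which path a given endpoint address will take. All prefixes and addresses are constructed from RFC 5737 documentation ranges; replace them with the real ip-ranges.json and your router's received-routes output.

```python
"""Audit which AWS public-service prefixes are reachable over a Direct Connect
public virtual interface, given the routes AWS announced on its BGP session.

Added example; not from the page or from AWS. All data below is constructed
from RFC 5737 documentation ranges, not real AWS or customer addressing.
"""
import ipaddress
import json
from typing import Dict, Iterable, List

# Constructed excerpt in the layout of ip-ranges.json (illustrative values only).
IP_RANGES_JSON = """
{
  "prefixes": [
    {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1", "service": "S3"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",  "region": "GLOBAL",    "service": "CLOUDFRONT"}
  ]
}
"""

# Constructed: prefixes received from AWS over the public VIF BGP session
# (what `show ip bgp neighbors <peer> received-routes` would list). Note the
# EC2 range arrives only as a more-specific /25 and CloudFront not at all.
RECEIVED_OVER_DX = ["192.0.2.0/24", "198.51.100.128/25"]


def parse_ip_ranges(text: str) -> Dict[str, List[ipaddress.IPv4Network]]:
    """Group ip-ranges.json prefixes by 'SERVICE/region'."""
    grouped: Dict[str, List[ipaddress.IPv4Network]] = {}
    for entry in json.loads(text)["prefixes"]:
        key = f"{entry['service']}/{entry['region']}"
        grouped.setdefault(key, []).append(ipaddress.ip_network(entry["ip_prefix"]))
    return grouped


def coverage(aws_prefix: ipaddress.IPv4Network,
             received: List[ipaddress.IPv4Network]) -> str:
    """'covered' if a received route contains the whole AWS prefix, 'partial' if
    only a more-specific slice of it was received, otherwise 'missing'."""
    if any(aws_prefix.subnet_of(r) for r in received):
        return "covered"
    if any(r.subnet_of(aws_prefix) for r in received):
        return "partial"
    return "missing"


def audit(ip_ranges_text: str, received_cidrs: Iterable[str]) -> Dict[str, str]:
    """Per service/region: are all its prefixes reachable via the public VIF?"""
    received = [ipaddress.ip_network(c) for c in received_cidrs]
    report: Dict[str, str] = {}
    for key, nets in parse_ip_ranges(ip_ranges_text).items():
        states = {coverage(n, received) for n in nets}
        if states == {"covered"}:
            report[key] = "covered"
        elif states == {"missing"}:
            report[key] = "missing"
        else:
            report[key] = "partial"
    return report


def path_for(ip: str, received_cidrs: Iterable[str]) -> str:
    """Which way a packet to `ip` leaves the data center: the DX public VIF if a
    received route matches, otherwise the default route towards the internet."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(c) for c in received_cidrs):
        return "direct-connect"
    return "internet (default route)"


if __name__ == "__main__":
    for key, state in audit(IP_RANGES_JSON, RECEIVED_OVER_DX).items():
        print(f"{key:20s} {state}")
    # Constructed endpoint addresses, e.g. what an S3 or CloudFront hostname resolved to.
    for endpoint in ("192.0.2.10", "198.51.100.5", "203.0.113.7"):
        print(f"{endpoint:15s} -> {path_for(endpoint, RECEIVED_OVER_DX)}")
```

Run against real data, any service/region that reports "partial" or "missing" is traffic that will silently leave over the internet despite the public VIF being up. If the requirement is that such traffic must never use the internet, the complementary control is on the on-premises side: withdraw the default route for those hosts, or deny egress to AWS ranges that were not learned over the Direct Connect session, rather than relying on the VIF alone.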
B
https://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
"Virtual interfaces
Create a virtual interface to enable access to AWS services. A public virtual interface enables access to public services, such as Amazon S3. A private virtual interface enables access to your VPC. For more information, see AWS Direct Connect virtual interfaces and Prerequisites for virtual interfaces."
Also, if you look at the question closely, they already have Direct Connect up and running; it's just a matter of configuring the connection to meet their need.
Check out the 2nd Bullet Point at the top of the page
https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
At first, I thought it must be D, but after going through the documentation, it's clearly B, as option B still uses Direct Connect but is a more definite answer about what you are to do within Direct Connect to meet the stated goals.
Ans is B
Public virtual interface: Access AWS services from your on-premises data center. Allow AWS services, or AWS customers, to access your public networks over the interface instead of traversing the internet.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html
Answer is B.
Public virtual interface: Access AWS services from your on-premises data center. Allow AWS services, or AWS customers, to access your public networks over the interface instead of traversing the internet.
https://docs.aws.amazon.com/directconnect/latest/UserGuide/WorkingWithVirtualInterfaces.html