Exam AWS Certified Solutions Architect - Professional topic 1 question 905 discussion

A company wants to send data from its on-premises systems to Amazon S3 buckets. The company created the S3 buckets in three different accounts. The company must send the data privately without the data traveling across the internet. The company has no existing dedicated connectivity to AWS.
Which combination of steps should a solutions architect take to meet these requirements? (Choose two.)

  • A. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a private VIF between the on-premises environment and the private VPC.
  • B. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Set up an AWS Direct Connect connection with a public VIF between the on-premises environment and the private VPC.
  • C. Create an Amazon S3 interface endpoint in the networking account.
  • D. Create an Amazon S3 gateway endpoint in the networking account.
  • E. Establish a networking account in the AWS Cloud. Create a private VPC in the networking account. Peer VPCs from the accounts that host the S3 buckets with the VPC in the network account.
Suggested Answer: AC

Comments

Ni_yot
Highly Voted 2 years, 7 months ago
Ans is A C. S3 supports both gateway and interface endpoints. The main difference is that an interface endpoint allows access from on-premises while a gateway endpoint does not. https://docs.aws.amazon.com/AmazonS3/latest/userguide/privatelink-interface-endpoints.html#types-of-vpc-endpoints-for-s3
upvoted 15 times
Byrney
2 years, 5 months ago
AC: https://aws.amazon.com/blogs/aws/aws-privatelink-for-amazon-s3-now-available/
upvoted 3 times
redipa
Highly Voted 2 years, 7 months ago
Selected Answer: AC
Answer: Private VIF + Interface endpoint
https://aws.amazon.com/premiumsupport/knowledge-center/s3-bucket-access-direct-connect/
Use a private IP address over Direct Connect (with an interface VPC endpoint)
To access Amazon S3 using a private IP address over Direct Connect, perform the following steps:
...
3. Create a private virtual interface for your connection.
...
5. Create an interface VPC endpoint for Amazon S3 in a VPC that is associated with the virtual private gateway. The VGW must connect to a Direct Connect private virtual interface. This interface VPC endpoint resolves to a private IP address even if you enable a VPC endpoint for S3.
upvoted 8 times
skywalker
2 years, 6 months ago
AC. Rule out B because it didn't mention creating an interface VPC endpoint for Amazon S3, which is needed for using a private IP address over Direct Connect (with an interface VPC endpoint). Thus A seems a logical choice instead of B.
upvoted 1 times
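Step 5 of the procedure quoted in redipa's comment above (an interface VPC endpoint for S3 in the VPC behind the Direct Connect private VIF), written out as a CloudFormation template for the networking account. This is an added example, not part of the original thread or of the AWS article it quotes; the parameter names, the on-premises CIDR default and the security group rule are assumptions.

```yaml
# Added example. Parameter names and the default CIDR are constructed placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: S3 interface endpoint reachable from on-premises over a Direct Connect private VIF
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id              # private VPC in the networking account
  EndpointSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>     # subnets routed to the virtual private gateway
  OnPremCidr:
    Type: String
    Default: 10.50.0.0/16                # assumed on-premises address range
Resources:
  EndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from on-premises to the S3 interface endpoint
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        # Only the on-premises range may reach the endpoint ENIs, and only on 443.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: !Ref OnPremCidr
  S3InterfaceEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Interface         # option C; a Gateway endpoint is not routable from on-premises
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      VpcId: !Ref VpcId
      SubnetIds: !Ref EndpointSubnetIds
      SecurityGroupIds:
        - !Ref EndpointSecurityGroup
      # With private DNS off, on-premises clients address S3 through the
      # endpoint-specific DNS names exported below, which resolve to private IPs.
      PrivateDnsEnabled: false
Outputs:
  EndpointDnsEntries:
    Description: Endpoint-specific DNS names (hosted zone ID and name pairs)
    Value: !Join [",", !GetAtt S3InterfaceEndpoint.DnsEntries]
```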
WhyIronMan
Most Recent 9 months, 3 weeks ago
Selected Answer: AC
A,C, as interface endpoint allows access from on-premises while gateway endpoint does not
upvoted 1 times
ggrodskiy
1 year, 9 months ago
Correct AC.
upvoted 1 times
LrdKanien
2 years, 5 months ago
A and C. You can't route from on prem to the gateway VPC endpoint.
upvoted 1 times
alnadan
2 years, 5 months ago
Selected Answer: AC
AC Here is the link: https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 1 times
alnadan
2 years, 5 months ago
A & C https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 1 times
Blair77
2 years, 6 months ago
Selected Answer: AC
A&C: https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 2 times
Rocketeer
2 years, 6 months ago
BD Need public VIF + Gateway endpoint for S3
upvoted 3 times
Rocketeer
2 years, 6 months ago
changed to AC
upvoted 1 times
JohnPi
2 years, 7 months ago
Selected Answer: BC
public VIF + interface endpoint
upvoted 2 times
JohnPi
2 years, 6 months ago
AC Private VIF + Interface endpoint
upvoted 1 times
Cloudxie
2 years, 7 months ago
In scenarios where you must access S3 buckets securely from on-premises or from across Regions, we recommend using an interface endpoint. If you chose a gateway endpoint, install a fleet of proxies in the VPC to address transitive routing.
upvoted 2 times
Biden
2 years, 7 months ago
As an architect, consider future needs too. GW EPs are supported for resources in a specific VPC to which the EP is associated, which complicates future design. Hence A,C !!
upvoted 2 times
pixepe
2 years, 7 months ago
My answer is A,C. We all have consensus on A. Between D & E, D (S3 Gateway Endpoint) is Regional, and doesn't support in cross-VPC. Here question doesn't state anything on region on cross-account. So have doubt on D that it will NOT work. And C (S3 Interface endpoint) can work on multi-region, cross-account etc. Ref - https://aws.amazon.com/blogs/architecture/choosing-your-vpc-endpoint-strategy-for-amazon-s3/
upvoted 4 times
AwsBRFan
2 years, 7 months ago
Selected Answer: AD
S3 - Gateway interface - https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html
upvoted 3 times
SGES
2 years, 8 months ago
A & C to me are preferable
upvoted 2 times
cale
2 years, 8 months ago
I think so too - it's A & C
upvoted 1 times
Cloudyheema
2 years, 8 months ago
D & E make sense
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other