Exam AWS Certified Solutions Architect - Associate SAA-C02 topic 1 question 778 discussion

A company needs to move data from an Amazon EC2 instance to an Amazon S3 bucket. The company must ensure that no API calls and no data are routed through public internet routes. Only the EC2 instance can have access to upload data to the S3 bucket.
Which solution will meet these requirements?

  • A. Create an interface VPC endpoint for Amazon S3 in the subnet where the EC2 instance is located. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
  • B. Create a gateway VPC endpoint for Amazon S3 in the Availability Zone where the EC2 instance is located. Attach appropriate security groups to the endpoint. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
  • C. Run the nslookup tool from inside the EC2 instance to obtain the private IP address of the S3 bucket's service API endpoint. Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
  • D. Use the AWS provided, publicly available ip-ranges.json file to obtain the private IP address of the S3 bucket's service API endpoint. Create a route in the VPC route table to provide the EC2 instance with access to the S3 bucket. Attach a resource policy to the S3 bucket to only allow the EC2 instance's IAM role for access.
Suggested Answer: B

Comments

Gajendr
1 year, 6 months ago
Gateway endpoint doesn't use security groups but a route table entry, so B is wrong; A is correct.
upvoted 1 times
Reckless_Jas
1 year, 10 months ago
The answer should be A, NAT Gateway doesn't have a security group.
upvoted 1 times
garagaus
1 year, 11 months ago
I think A is the answer. The string to focus on is "no data are routed through public internet".
upvoted 1 times
drinu89
2 years, 8 months ago
Selected Answer: B
It is B. VPC Gateway Endpoint: used for S3 and DynamoDB. VPN Interface Endpoint: the rest of AWS services.
upvoted 2 times
Justin237
2 years, 6 months ago
S3 supports both Gateway Endpoint and Interface Endpoint.
upvoted 2 times
sk_sk
2 years, 9 months ago
Why not A for PrivateLink?
upvoted 1 times
drinu89
2 years, 8 months ago
VPC Gateway Endpoint: used for S3 and DynamoDB. VPN Interface Endpoint: the rest of AWS services. Therefore, it is B.
upvoted 2 times