
Answer-first summary for fast verification
Answer: By establishing a gateway VPC endpoint in the same AZ as the EC2 instance, configuring security groups, and setting a bucket policy for the EC2 instance's IAM role.
The correct answer is B. A gateway VPC endpoint for Amazon S3 adds a route for the regional S3 managed prefix list to the route table of the EC2 instance's subnet, so requests to S3 stay on the AWS network and never traverse the public internet. Two points in option B are worded loosely: a gateway endpoint is regional and attached to route tables, not to an Availability Zone, and it has no elastic network interface, so security groups cannot be attached to the endpoint itself; the security-group work is on the instance, whose outbound rules should allow HTTPS only to the S3 prefix list. Access is then restricted with a bucket policy that grants s3:PutObject to the instance's IAM role and denies any request that did not arrive through that endpoint (condition key aws:SourceVpce); an endpoint policy can additionally limit which buckets the endpoint can reach. Together this satisfies both requirements: no public internet route, and only the specified instance (through its role) can upload. Option A also keeps traffic off the internet, since interface endpoints for S3 exist, but it is the more expensive choice, with ENIs billed per hour and per GB plus private DNS to configure, whereas a gateway endpoint is free; the quiz expects the gateway endpoint. Options C and D are wrong because S3 endpoints have no fixed private IP to resolve with nslookup or look up in ip-ranges.json, and a route table entry built from such an address would break as soon as the address changed.
Author: LeetQuiz Editorial Team
How can a company ensure secure data transfer from an Amazon EC2 instance to an Amazon S3 bucket without routing through public internet routes, and restrict access so only the EC2 instance can upload data?
A
By creating an interface VPC endpoint for Amazon S3 and setting a bucket policy for the EC2 instance's IAM role.
B
By establishing a gateway VPC endpoint in the same AZ as the EC2 instance, configuring security groups, and setting a bucket policy for the EC2 instance's IAM role.
C
By using nslookup to resolve the S3 endpoint's private IP, updating the VPC route table, and setting a bucket policy for the EC2 instance's IAM role.
D
By using the ip-ranges.json file to find the S3 endpoint's private IP, updating the VPC route table, and setting a bucket policy for the EC2 instance's IAM role.
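To make option B concrete, here is an added example (not from the LeetQuiz page): it builds the bucket policy the explanation describes, an Allow for the instance role's s3:PutObject plus a Deny for anything that did not enter S3 through the gateway endpoint, and runs sample requests through a small, simplified IAM-style evaluator so you can see which ones pass. The bucket name, account ID, role ARN and endpoint ID are made-up placeholders, and the evaluator only implements the few operators the policy uses.

```python
"""Build the S3 bucket policy for option B and evaluate sample requests
against it. Added example, not code from the LeetQuiz page; all AWS
identifiers below are constructed placeholders."""
from fnmatch import fnmatchcase

# Constructed placeholders (assumptions, not real resources)
BUCKET = "example-upload-bucket"
ROLE_ARN = "arn:aws:iam::111122223333:role/EC2UploaderRole"
VPCE_ID = "vpce-0123456789abcdef0"


def build_bucket_policy(bucket, role_arn, vpce_id):
    """Allow only role_arn to put objects, and deny every request that did
    not arrive through vpce_id. StringNotEquals also matches when
    aws:SourceVpce is absent, i.e. any request over the public internet.
    Caveat: that Deny also blocks console/admin access to the bucket, so in
    practice exempt an admin role via aws:PrincipalArn before deploying."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowUploadsFromInstanceRole",
                "Effect": "Allow",
                "Principal": {"AWS": role_arn},
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
            },
            {
                "Sid": "DenyUnlessViaGatewayEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_matches(principal, request_principal):
    if principal == "*":
        return True
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    return any(p == "*" or p == request_principal for p in _as_list(principal))


def _condition_matches(condition, context):
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            wanted = _as_list(wanted)
            if operator == "StringEquals":
                if actual is None or actual not in wanted:
                    return False
            elif operator == "StringNotEquals":
                # Negated operators match when the key is missing from the request.
                if actual is not None and actual in wanted:
                    return False
            else:
                raise ValueError(f"unsupported condition operator {operator}")
    return True


def _statement_matches(stmt, req):
    return (
        _principal_matches(stmt["Principal"], req["principal"])
        and any(fnmatchcase(req["action"], a) for a in _as_list(stmt["Action"]))
        and any(fnmatchcase(req["resource"], r) for r in _as_list(stmt["Resource"]))
        and _condition_matches(stmt.get("Condition", {}), req.get("context", {}))
    )


def evaluate(policy, req):
    """Simplified evaluation of a bucket policy: an explicit Deny wins, then
    an explicit Allow, otherwise implicit deny. Returns 'Allow' or 'Deny'."""
    effects = {s["Effect"] for s in policy["Statement"] if _statement_matches(s, req)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "Deny"


def demo():
    """Run constructed sample requests through the policy."""
    policy = build_bucket_policy(BUCKET, ROLE_ARN, VPCE_ID)
    obj = f"arn:aws:s3:::{BUCKET}/reports/2024-01-01.csv"
    put = {"principal": ROLE_ARN, "action": "s3:PutObject", "resource": obj}
    cases = {
        "role via endpoint": {**put, "context": {"aws:SourceVpce": VPCE_ID}},
        "role via internet": {**put},  # no aws:SourceVpce in the request context
        "role via other endpoint": {**put, "context": {"aws:SourceVpce": "vpce-0fedcba9876543210"}},
        "other role via endpoint": {**put, "principal": ROLE_ARN.replace("Uploader", "Other"),
                                    "context": {"aws:SourceVpce": VPCE_ID}},
        "role reading via endpoint": {**put, "action": "s3:GetObject",
                                      "context": {"aws:SourceVpce": VPCE_ID}},
    }
    return {name: evaluate(policy, req) for name, req in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:28s} -> {result}")
```

Only the upload from the instance role that arrives through the configured endpoint is allowed; the same role over the public internet, or through a different endpoint, hits the Deny, and any other principal or any action other than s3:PutObject falls through to the implicit deny. The evaluator is deliberately minimal (it ignores identity policies, SCPs and other condition operators), so treat it as an illustration of the policy logic, not as a substitute for testing with the IAM policy simulator.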