Explanation:
The most secure way to access an Amazon DynamoDB table from an application running on Amazon EC2 instances in private subnets is to use a VPC endpoint for DynamoDB. This ensures that the traffic remains within the AWS network and does not traverse the internet. Options B and C involve NAT gateways or instances, which route traffic through the internet, leading to potential security risks. Option D uses an internet gateway, which also exposes the traffic to the internet. Hence, the correct answer is A: Use a VPC endpoint for DynamoDB.
Ultimate access to all questions.
No comments yet.
How can an application running on private subnet EC2 instances securely access an Amazon DynamoDB table without AWS network egress?
A
Utilize a VPC endpoint for DynamoDB.
B
Implement a NAT gateway in a public subnet.
C
Deploy a NAT instance within a private subnet.
D
Leverage the VPC's internet gateway.