
Answer-first summary for fast verification
Answer: By defining a single S3 bucket policy that lists multiple aws:sourceVpce conditions in StringNotEquals for all relevant VPC endpoint IDs.
The correct answer is D. This option creates a single S3 bucket policy that lists multiple aws:SourceVpce values under a StringNotEquals condition, one for each relevant VPC endpoint ID. This approach comes closest to ensuring that users can only reach the S3 bucket through the specified VPC endpoints, because the policy explicitly enumerates the acceptable endpoints. Using StringNotEquals denies access when a request arrives from any endpoint that is not in the list. The other options either do not cover all of the VPC endpoints or are not configured in a way that meets the requirement.
Author: LeetQuiz Editorial Team
In a scenario with multiple Amazon VPC endpoints within a single VPC, how should a developer configure an S3 bucket policy to restrict access to the bucket exclusively through these endpoints?
A. By creating individual S3 bucket policies for each endpoint ID, utilizing the aws:SourceVpce condition with StringNotEquals.
B. By establishing a unified S3 bucket policy applying the aws:SourceVpc condition with StringNotEquals to the VPC ID.
C. By formulating a single S3 bucket policy with an aws:SourceVpce condition using StringNotEquals for vpce*.
D. By defining a single S3 bucket policy that lists multiple aws:sourceVpce conditions in StringNotEquals for all relevant VPC endpoint IDs.
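A bucket policy of the form described in answer D, added here as an illustration rather than taken from the original page; the bucket name and the two vpce- IDs are placeholders to be replaced with your own values:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessFromListedVpcEndpoints",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-bucket",
        "arn:aws:s3:::example-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": [
            "vpce-0123456789abcdef0",
            "vpce-0fedcba9876543210"
          ]
        }
      }
    }
  ]
}
```

With several values in one StringNotEquals list, the Deny applies only when the request's endpoint ID matches none of them; because aws:SourceVpce is absent on requests that do not arrive through a VPC endpoint, the negated condition also matches those requests (including console and CLI calls from outside the VPC), so an administrative principal is usually exempted from the Deny before the policy is applied to avoid locking yourself out.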