
A company maintains a data lake in Amazon S3, which is required to be accessed by numerous applications distributed across multiple AWS accounts. The company's information security policy mandates that the S3 bucket should not be accessible via the public internet and that each application must have only the necessary permissions to operate. To comply with these security requirements, a solutions architect is tasked with implementing an S3 access point that is exclusively accessible from specific VPCs for each application. What are the appropriate steps for the solutions architect to take in order to achieve this setup? (Select two options.)
A
Create an S3 access point for each application within the AWS account that owns the S3 bucket. Configure each access point to restrict access to the application’s VPC. Modify the bucket policy to enforce access through an access point.
B
Establish an interface endpoint for Amazon S3 in each application's VPC. Adjust the endpoint policy to permit access to an S3 access point. Set up a VPC gateway attachment for the S3 endpoint.
C
Set up a gateway endpoint for Amazon S3 in each application's VPC. Customize the endpoint policy to grant access to an S3 access point. Define the route table used to access the access point.
D
Generate an S3 access point for each application in every AWS account and link the access points to the S3 bucket. Configure each access point to limit access to the application's VPC. Amend the bucket policy to mandate access through an access point.
E
Create a gateway endpoint for Amazon S3 in the VPC of the data lake. Apply an endpoint policy to allow access to the S3 bucket. Specify the route table used to access the bucket.