AWS Certified Solutions Architect - Professional

A company maintains a data lake in Amazon S3, which is required to be accessed by numerous applications distributed across multiple AWS accounts. The company's information security policy mandates that the S3 bucket should not be accessible via the public internet and that each application must have only the necessary permissions to operate. To comply with these security requirements, a solutions architect is tasked with implementing an S3 access point that is exclusively accessible from specific VPCs for each application. What are the appropriate steps for the solutions architect to take in order to achieve this setup? (Select two options.)





Explanation:

Options A and C are the correct steps for implementing an S3 access point restricted to specific VPCs while complying with the company's information security policy. Option A creates an S3 access point for each application in the AWS account that owns the bucket, configures each access point to accept requests only from that application's VPC, and updates the bucket policy so that access control is enforced through the access points. Option C creates a gateway endpoint for Amazon S3 in each application's VPC, associates it with the correct route table, and writes an endpoint policy that allows access to that application's access point.
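As an added example (not part of the question page and not AWS sample code), the following Python builds the three policy documents that steps A and C rely on and audits access point descriptions for the VPC-only requirement. The account id, bucket, VPC id and role ARN are constructed placeholders. The bucket policy's `s3:DataAccessPointAccount` and `s3:AccessPointNetworkOrigin` condition keys are documented S3 condition keys; the endpoint policy's use of `s3:DataAccessPointArn` inside a VPC endpoint policy is an assumption to verify against current AWS documentation before deploying.

```python
"""Build the policies behind a VPC-only S3 access point and audit access point
descriptions for compliance. Added example; all identifiers are constructed."""
import json

# Constructed placeholders (not real accounts, buckets or VPCs).
ACCOUNT_ID = "111122223333"
REGION = "us-east-1"
BUCKET = "example-data-lake"


def access_point_arn(name: str, account_id: str = ACCOUNT_ID, region: str = REGION) -> str:
    """ARN of an S3 access point; objects are addressed as <arn>/object/<key>."""
    return f"arn:aws:s3:{region}:{account_id}:accesspoint/{name}"


def bucket_delegation_policy(bucket: str, account_id: str) -> dict:
    """Bucket policy for step A: allow a request only when it arrives through an
    access point owned by account_id whose network origin is VPC. Per-application
    permissions then live on each access point, not on the bucket."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DelegateToVpcAccessPoints",
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": "*",
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
            "Condition": {"StringEquals": {
                "s3:DataAccessPointAccount": account_id,
                "s3:AccessPointNetworkOrigin": "VPC",
            }},
        }],
    }


def access_point_policy(ap_name: str, principal_arn: str,
                        actions: tuple = ("s3:GetObject",), prefix: str = "") -> dict:
    """Least-privilege policy for one application's access point: one principal,
    the actions it needs, optionally limited to a key prefix."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": list(actions),
            "Resource": f"{access_point_arn(ap_name)}/object/{prefix}*",
        }],
    }


def gateway_endpoint_policy(ap_name: str, actions: tuple = ("s3:GetObject",)) -> dict:
    """Policy for the S3 gateway endpoint in the application's VPC (step C).
    Assumption: s3:DataAccessPointArn is honoured in VPC endpoint policies."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": list(actions),
            "Resource": "*",
            "Condition": {"StringEquals": {
                "s3:DataAccessPointArn": access_point_arn(ap_name),
            }},
        }],
    }


REQUIRED_PAB = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def vpc_only_violations(access_points: list) -> list:
    """Names of access points that are reachable from outside a VPC or do not
    block public access. Input dicts follow the fields returned by
    `aws s3control get-access-point` (NetworkOrigin, VpcConfiguration, ...)."""
    violations = []
    for ap in access_points:
        vpc_ok = (ap.get("NetworkOrigin") == "VPC"
                  and bool(ap.get("VpcConfiguration", {}).get("VpcId")))
        pab = ap.get("PublicAccessBlockConfiguration", {})
        pab_ok = all(pab.get(k) is True for k in REQUIRED_PAB)
        if not (vpc_ok and pab_ok):
            violations.append(ap["Name"])
    return violations


# Constructed sample: two access points as get-access-point would describe them.
SAMPLE_ACCESS_POINTS = [
    {"Name": "app-a-ap", "Bucket": BUCKET, "NetworkOrigin": "VPC",
     "VpcConfiguration": {"VpcId": "vpc-0a1b2c3d4e5f6a7b8"},
     "PublicAccessBlockConfiguration": {k: True for k in REQUIRED_PAB}},
    {"Name": "legacy-ap", "Bucket": BUCKET, "NetworkOrigin": "Internet",
     "PublicAccessBlockConfiguration": {k: True for k in REQUIRED_PAB}},
]

if __name__ == "__main__":
    print(json.dumps(bucket_delegation_policy(BUCKET, ACCOUNT_ID), indent=2))
    print(json.dumps(access_point_policy(
        "app-a-ap", f"arn:aws:iam::{ACCOUNT_ID}:role/app-a", prefix="app-a/"), indent=2))
    print("non-compliant access points:", vpc_only_violations(SAMPLE_ACCESS_POINTS))
```

The `Principal: "*"` in the delegating bucket policy is what makes the access points authoritative; because it is conditioned on `s3:DataAccessPointAccount` and `s3:AccessPointNetworkOrigin`, S3 Block Public Access does not treat it as a public policy, and callers still need matching permissions in their own IAM identity policy. The audit function is the check to run across the bucket owner's account after setup: any access point it names is not limited to a VPC origin and breaks the "no public internet" requirement.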