A company requires the use of a third-party software-as-a-service (SaaS) application that operates within an AWS VPC and is accessed via API calls. The company's VPC must connect to this SaaS application privately, without internet exposure, and adhere to the principle of least privilege for security. What is the appropriate solution to establish this secure, private connection?
Explanation:
The correct answer is A. Creating an AWS PrivateLink interface VPC endpoint and connecting it to the third-party SaaS application's endpoint service ensures that the communication between the company's VPC and the SaaS application does not traverse the internet, fulfilling the requirement for private connectivity. Additionally, configuring a security group to restrict access to the endpoint enforces the principle of least privilege. This solution effectively meets all the stated requirements.