
Answer-first summary for fast verification
Answer: Establish an AWS PrivateLink interface VPC endpoint connected to the SaaS application's endpoint service, with a security group configured to restrict access, which is then associated with the endpoint.
The correct answer is A. Creating an AWS PrivateLink interface VPC endpoint and connecting it to the third-party SaaS application's endpoint service ensures that the communication between the company's VPC and the SaaS application does not traverse the internet, fulfilling the requirement for private connectivity. Additionally, configuring a security group to restrict access to the endpoint enforces the principle of least privilege. This solution effectively meets all the stated requirements.
Author: LeetQuiz Editorial Team
A company requires the use of a third-party software-as-a-service (SaaS) application that operates within an AWS VPC and is accessed via API calls. The company's VPC must connect to this SaaS application privately, without internet exposure, and adhere to the principle of least privilege for security. What is the appropriate solution to establish this secure, private connection?
A. Establish an AWS PrivateLink interface VPC endpoint connected to the SaaS application's endpoint service, with a security group configured to restrict access, which is then associated with the endpoint.
B. Set up an AWS Site-to-Site VPN between the company's VPC and the SaaS application's VPC, with network ACLs configured to restrict access through the VPN tunnels.
C. Configure a VPC peering connection between the company's VPC and the SaaS application's VPC, updating the route tables to include the necessary routes for the peering connection.
D. Create an AWS PrivateLink endpoint service and request the SaaS provider to establish an interface VPC endpoint for this service, granting access permissions to the SaaS provider's specific AWS account.