A company operates application servers both on-premises and on Amazon EC2 instances within a VPC. These servers access data stored in an Amazon S3 bucket via the public internet. The EC2 instances in the VPC connect to the on-premises application servers using an AWS Site-to-Site VPN.

New regulations mandate that all traffic between the application servers and the S3 bucket must remain private and cannot traverse public IP addresses.

What is the most cost-effective solution to meet these requirements?

Exam-Like

Configure an S3 gateway endpoint Modify the route table with the appropriate route for the endpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.

50.0%

Configure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use the interface endpoint DNS name to access the S3 bucket.

16.7%

Configure an S3 interface endpoint. Update the on-premises servers to use the interface endpoint DNS name to access the S3 bucket. Configure an S3 gateway endpoint. Modify the route table so that the EC2 instances use the gateway endpoint.

33.3%

Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Use an S3 bucket policy to restrict access to the gateway endpoint. Configure a proxy server fleet behind a Network Load Balancer in the VPC so that the on-premises servers can access the S3 bucket.

0.0%

AWS Certified Advanced Networking - Specialty

Get started today

Comments