
Answer-first summary for fast verification
Answer: Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.
To meet the company's requirements for private traffic between application servers and the S3 bucket without using public IP addresses, the most cost-effective solution is to use an S3 gateway endpoint. This is because gateway endpoints are free of charge and provide a secure and private connection between your VPC and S3 without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. By configuring an S3 gateway endpoint and modifying the route table with the appropriate route for the endpoint, the EC2 instances can access the S3 bucket through the gateway endpoint, ensuring that the traffic remains within the AWS network and does not traverse the public internet. This solution does not require any additional infrastructure or complex configurations, making it the most cost-effective option. Option A is the correct choice because it directly addresses the requirement for private access to S3 from the EC2 instances in the VPC without incurring additional costs.
Author: LeetQuiz Editorial Team
A company operates application servers both on-premises and on Amazon EC2 instances within a VPC. These servers access data stored in an Amazon S3 bucket via the public internet. The EC2 instances in the VPC connect to the on-premises application servers using an AWS Site-to-Site VPN.
New regulations mandate that all traffic between the application servers and the S3 bucket must remain private and cannot traverse public IP addresses.
What is the most cost-effective solution to meet these requirements?
A
Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Access the S3 bucket through the gateway endpoint from the EC2 instances.
B
Configure an S3 interface endpoint. Update the on-premises servers and EC2 instances to use the interface endpoint DNS name to access the S3 bucket.
C
Configure an S3 interface endpoint. Update the on-premises servers to use the interface endpoint DNS name to access the S3 bucket. Configure an S3 gateway endpoint. Modify the route table so that the EC2 instances use the gateway endpoint.
D
Configure an S3 gateway endpoint. Modify the route table with the appropriate route for the endpoint. Use an S3 bucket policy to restrict access to the gateway endpoint. Configure a proxy server fleet behind a Network Load Balancer in the VPC so that the on-premises servers can access the S3 bucket.