
A company is deploying a two-tier web application in a new VPC within a single AWS Region. The VPC includes an internet gateway and four subnets: two public subnets with default routes to the internet gateway and two private subnets sharing a route table without a default route. The application will run on Amazon EC2 instances behind an external Application Load Balancer, with the EC2 instances requiring no direct internet access. The application will use an Amazon S3 bucket in the same Region for data storage, performing S3 GET and PUT API operations from the EC2 instances. A network engineer must design a VPC architecture that minimizes data transfer costs.
Which solution meets these requirements?
A
Deploy the EC2 instances in the public subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.
B
Deploy the EC2 instances in the private subnets. Create a NAT gateway in the VPC. Create default routes in the private subnets to the NAT gateway. Connect to Amazon S3 by using the NAT gateway.
C
Deploy the EC2 instances in the private subnets. Create an S3 gateway endpoint in the VPC. Specify the route table of the private subnets during endpoint creation to create routes to Amazon S3.
D
Deploy the EC2 instances in the private subnets. Create an S3 interface endpoint in the VPC. Modify the application configuration to use the S3 endpoint-specific DNS hostname.