
Answer-first summary for fast verification
Answer: Implement gateway VPC endpoints for Amazon S3. Update the VPC route table.
The question asks how to reduce NAT gateway costs for traffic between EC2 instances in a private subnet and Amazon S3.
Option A suggests creating a Direct Connect private VIF and migrating traffic from the public VIF to the private VIF. This does not address the NAT gateway costs, since the traffic would still need to traverse the NAT gateway to reach S3.
Option B proposes creating an AWS Site-to-Site VPN tunnel over the existing public VIF, which also does not eliminate the need for NAT gateway traversal.
Option C suggests implementing interface VPC endpoints for Amazon S3 and updating the VPC route table. Interface VPC endpoints allow EC2 instances in a private subnet to connect to S3 without traversing the internet or a NAT gateway, thus reducing costs.
Option D suggests implementing gateway VPC endpoints for Amazon S3 and updating the VPC route table. Gateway VPC endpoints also allow EC2 instances in a private subnet to connect to S3 without traversing the internet or a NAT gateway, thus reducing costs. However, gateway VPC endpoints are more cost-effective and simpler to manage than interface VPC endpoints for S3 access.
Therefore, the best solution to meet the requirements is to implement gateway VPC endpoints for Amazon S3 and update the VPC route table.
Author: LeetQuiz Editorial Team
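The route-table update in the chosen answer takes effect because a VPC route table picks the most specific matching route: the gateway endpoint's prefix-list route is more specific than the `0.0.0.0/0` route to the NAT gateway. The following is an added example, not part of the original page, that resolves the next hop for S3 traffic before and after the endpoint route exists and flags route tables that still send S3 traffic through NAT. All IDs and CIDRs are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data shaped like `aws ec2 describe-route-tables` output.
# IDs and CIDRs are placeholders, not real AWS values.
S3_PREFIX_LIST = {"pl-s3example": ["198.51.100.0/24", "203.0.113.0/24"]}

BEFORE = {"RouteTableId": "rtb-private-before", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"},
]}
# Same table after the gateway endpoint adds its prefix-list route.
AFTER = {"RouteTableId": "rtb-private-after", "Routes": BEFORE["Routes"] + [
    {"DestinationPrefixListId": "pl-s3example", "GatewayId": "vpce-example"},
]}

def _target(route):
    """Return the next-hop ID of a route entry."""
    return route.get("NatGatewayId") or route.get("GatewayId")

def next_hop(route_table, dest_ip, prefix_lists=S3_PREFIX_LIST):
    """Longest-prefix match over CIDR routes and prefix-list routes."""
    ip = ipaddress.ip_address(dest_ip)
    best_len, best = -1, None
    for route in route_table["Routes"]:
        if "DestinationCidrBlock" in route:
            cidrs = [route["DestinationCidrBlock"]]
        else:
            cidrs = prefix_lists.get(route.get("DestinationPrefixListId"), [])
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip in net and net.prefixlen > best_len:
                best_len, best = net.prefixlen, _target(route)
    return best

def tables_sending_s3_via_nat(route_tables, prefix_lists=S3_PREFIX_LIST):
    """Route table IDs where any S3 CIDR still resolves to a NAT gateway."""
    flagged = []
    for rt in route_tables:
        # Probe one address inside every CIDR of the S3 prefix list.
        probes = [str(ipaddress.ip_network(c)[1])
                  for cidrs in prefix_lists.values() for c in cidrs]
        hops = {next_hop(rt, p, prefix_lists) for p in probes}
        if any(h and h.startswith("nat-") for h in hops):
            flagged.append(rt["RouteTableId"])
    return flagged
```

Run against real `describe-route-tables` and `describe-prefix-lists` output, the same check shows which private-subnet route tables were missed when the endpoint was associated.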
A company is hosting its website on AWS within a single VPC, which includes public and private subnets across two Availability Zones. Static content, such as images, is stored in Amazon S3. The website is served by a fleet of Amazon EC2 instances deployed in private subnets, managed by an Auto Scaling group and fronted by an Application Load Balancer. These EC2 instances retrieve content from an S3 bucket to render webpages. The company uses AWS Direct Connect with a public VIF for on-premises connectivity to the S3 bucket.
A network engineer observes that traffic between the EC2 instances and Amazon S3 is routed through a NAT gateway, leading to increased costs as traffic grows. To reduce NAT gateway costs associated with this traffic, what solution should the network engineer implement?
A. Create a Direct Connect private VIF. Migrate the traffic from the public VIF to the private VIF.
B. Create an AWS Site-to-Site VPN tunnel over the existing public VIF.
C. Implement interface VPC endpoints for Amazon S3. Update the VPC route table.
D. Implement gateway VPC endpoints for Amazon S3. Update the VPC route table.