
Explanation:
The financial institution hosts an Amazon Bedrock AI application in a VPC with a critical constraint: no internet access is permitted because of regulatory compliance requirements. All communication with Bedrock must therefore stay within AWS's private network and never traverse the public internet.
A. AWS PrivateLink - This is the correct solution. AWS PrivateLink enables private connectivity between a VPC and AWS services (including Amazon Bedrock) through interface VPC endpoints that use private IP addresses inside the AWS network. Traffic never touches the public internet, so no internet gateway or NAT device is required, which makes it the fit for compliance scenarios that demand isolation from internet exposure.
B. Amazon Macie - This is a data security and privacy service that uses machine learning to discover and protect sensitive data. While valuable for compliance, it does not provide connectivity and cannot enable access to Amazon Bedrock from a VPC without internet connectivity.
C. Amazon CloudFront - This is a Content Delivery Network (CDN) service that accelerates content delivery through edge locations. It requires internet connectivity for origin communication and would expose traffic to the public internet, violating the regulatory constraint.
D. Internet Gateway - This VPC component provides internet access by routing traffic between the VPC and the public internet. Using it would directly contradict the requirement of "no internet traffic" and would fail the compliance standard.
For AI applications in regulated industries like finance, AWS PrivateLink represents the standard architectural pattern for accessing AWS AI/ML services while maintaining network isolation. This approach aligns with AWS Well-Architected Framework principles for security and compliance.
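As an added illustration (not part of the original question or answer explanation), the following CloudFormation template shows what the PrivateLink pattern described above looks like in practice: an interface VPC endpoint for the Bedrock runtime API placed in private subnets, with private DNS enabled so the AWS SDK's default endpoint hostname resolves to private IPs, a security group that only admits HTTPS from the application's own security group, and an endpoint policy that limits which principals may invoke models through the endpoint. The VPC, subnet, security-group and account-id parameters are assumptions supplied by the deployer; the service name com.amazonaws.<region>.bedrock-runtime is the real Bedrock runtime endpoint service.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: private (no-internet) access from a VPC to Amazon Bedrock
  runtime via an AWS PrivateLink interface endpoint.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id            # assumption: an existing VPC with NO internet gateway route
  PrivateSubnetIds:
    Type: List<AWS::EC2::Subnet::Id>   # assumption: private subnets (no 0.0.0.0/0 route)
  AppSecurityGroupId:
    Type: AWS::EC2::SecurityGroup::Id  # assumption: SG attached to the Bedrock client workload

Resources:
  # Security group for the endpoint ENIs: only the application SG may reach it, on 443 only.
  BedrockEndpointSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTPS to the Bedrock runtime interface endpoint from the app only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          SourceSecurityGroupId: !Ref AppSecurityGroupId

  # The PrivateLink interface endpoint. PrivateDnsEnabled makes the public
  # hostname bedrock-runtime.<region>.amazonaws.com resolve to private IPs
  # inside the VPC, so no SDK/endpoint-URL changes are needed in the app.
  BedrockRuntimeEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      VpcEndpointType: Interface
      ServiceName: !Sub com.amazonaws.${AWS::Region}.bedrock-runtime
      SubnetIds: !Ref PrivateSubnetIds
      SecurityGroupIds:
        - !Ref BedrockEndpointSecurityGroup
      PrivateDnsEnabled: true
      # Endpoint policy: least privilege at the network edge. Only principals
      # from this account may invoke models through this endpoint; everything
      # else is denied even if the caller holds broader IAM permissions.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowInvokeFromThisAccountOnly
            Effect: Allow
            Principal: "*"
            Action:
              - bedrock:InvokeModel
              - bedrock:InvokeModelWithResponseStream
            Resource: "*"
            Condition:
              StringEquals:
                aws:PrincipalAccount: !Ref AWS::AccountId

Outputs:
  EndpointId:
    Value: !Ref BedrockRuntimeEndpoint
  EndpointDnsEntries:
    Value: !Join [",", !GetAtt BedrockRuntimeEndpoint.DnsEntries]
```

Two checks worth running after deployment: confirm the private subnets' route tables contain no route to an internet gateway or NAT gateway (otherwise the compliance claim is hollow even with the endpoint in place), and resolve bedrock-runtime.<region>.amazonaws.com from inside the VPC to verify it returns addresses from the VPC's private range rather than public IPs. The control-plane API (model listing, guardrail management) uses a separate endpoint service, com.amazonaws.<region>.bedrock, which needs its own interface endpoint if the application calls it.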
Question:
Which AWS service or feature allows an Amazon Bedrock AI application hosted in a VPC with no internet access to meet regulatory compliance requirements?
A. AWS PrivateLink
B. Amazon Macie
C. Amazon CloudFront
D. Internet gateway