
Answer-first summary for fast verification
Answer: Create a gateway VPC endpoint to the S3 bucket.
## Explanation

**Correct Answer: A** - Create a gateway VPC endpoint to the S3 bucket.

**Why this is correct:**

1. **Gateway VPC Endpoints** provide private connectivity between your VPC and AWS services (like S3) without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect.
2. When you create a gateway VPC endpoint for S3, traffic between your VPC and S3 stays within the AWS network and doesn't traverse the public internet.
3. This solution meets the requirement of accessing S3 "without connectivity to the internet" while maintaining network isolation.

**Why other options are incorrect:**

- **B** - Streaming logs to CloudWatch Logs and exporting them to S3 doesn't solve the private connectivity requirement. The EC2 instance would still need to access CloudWatch Logs, and the export process might still require internet connectivity or additional configuration.
- **C** - An instance profile provides IAM permissions (authentication/authorization) but doesn't address network connectivity. Even with proper IAM permissions, the EC2 instance would still need network connectivity to reach S3, which would typically require internet access without a VPC endpoint.
- **D** - While API Gateway with private endpoints can provide private access to APIs, this is an overly complex solution for direct S3 access. Gateway VPC endpoints are the native, simpler solution specifically designed for S3 access from within a VPC without internet connectivity.

**Key AWS Concepts:**

- **VPC Endpoints**: Enable private connectivity to AWS services from within your VPC
- **Gateway VPC Endpoint**: Specifically for S3 and DynamoDB, uses route tables to direct traffic
- **Interface VPC Endpoint**: For other AWS services, uses Elastic Network Interfaces (ENIs)
- **Private Connectivity**: Traffic stays within AWS network, not exposed to public internet

This solution ensures secure, private access to S3 while maintaining the EC2 instance's isolation from the internet.
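Because a gateway endpoint is wired in through route tables, the common operational mistake is an endpoint that exists but is not associated with the route table of the instance's subnet, or a subnet that still carries a default route to an internet or NAT gateway. The following audit is an added example (not from the LeetQuiz page); it takes data in the shape of the `boto3` `describe_vpc_endpoints()` and `describe_route_tables()` responses and reports both conditions. The VPC, endpoint, route table and prefix-list IDs are constructed sample values.

```python
from typing import Dict, List

# Constructed sample data in the shape of boto3's describe_vpc_endpoints() and
# describe_route_tables() responses (not captured from a real account).
SAMPLE_ENDPOINTS = [
    {"VpcEndpointId": "vpce-0a1b2c3d", "VpcId": "vpc-1111", "VpcEndpointType": "Gateway",
     "ServiceName": "com.amazonaws.us-east-1.s3"},
]
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "VpcId": "vpc-1111", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-0a1b2c3d"}]},
    {"RouteTableId": "rtb-isolated", "VpcId": "vpc-1111", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"RouteTableId": "rtb-public", "VpcId": "vpc-1111", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
]


def s3_gateway_endpoint_ids(endpoints: List[dict], vpc_id: str) -> set:
    """IDs of gateway-type S3 endpoints in the VPC (service name ends in '.s3')."""
    return {ep["VpcEndpointId"] for ep in endpoints
            if ep["VpcId"] == vpc_id and ep["VpcEndpointType"] == "Gateway"
            and ep["ServiceName"].endswith(".s3")}


def route_table_findings(route_tables: List[dict], endpoints: List[dict],
                         vpc_id: str) -> Dict[str, List[str]]:
    """Map route table id -> findings for every table in the VPC that either lacks
    a route to an S3 gateway endpoint or still has a non-local default route
    (internet or NAT gateway). Tables with no findings are omitted."""
    s3_eps = s3_gateway_endpoint_ids(endpoints, vpc_id)
    findings: Dict[str, List[str]] = {}
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        routes = rt.get("Routes", [])
        problems = []
        # A gateway endpoint is only used by subnets whose route table carries a
        # route targeting the endpoint id (its destination is the S3 prefix list).
        if not any(r.get("GatewayId") in s3_eps for r in routes):
            problems.append("no route to an S3 gateway endpoint")
        for r in routes:
            target = r.get("GatewayId") or r.get("NatGatewayId") or "unknown target"
            if r.get("DestinationCidrBlock") == "0.0.0.0/0" and target != "local":
                problems.append(f"default route to {target} (internet path)")
        if problems:
            findings[rt["RouteTableId"]] = problems
    return findings


if __name__ == "__main__":
    for rtb, probs in route_table_findings(SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINTS, "vpc-1111").items():
        print(rtb, "->", "; ".join(probs))
```

On the sample data only `rtb-private` passes; the other two tables would leave an instance without a private path to S3, and `rtb-public` also still has an internet path.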
Author: LeetQuiz Editorial Team
## Question

An application runs on an Amazon EC2 instance in a VPC. The application processes logs that are stored in an Amazon S3 bucket. The EC2 instance needs to access the S3 bucket without connectivity to the internet. Which solution will provide private network connectivity to Amazon S3?

- A. Create a gateway VPC endpoint to the S3 bucket.
- B. Stream the logs to Amazon CloudWatch Logs. Export the logs to the S3 bucket.
- C. Create an instance profile on Amazon EC2 to allow S3 access.
- D. Create an Amazon API Gateway API with a private link to access the S3 endpoint.