
Answer-first summary for fast verification
Answer: Deploy a gateway VPC endpoint for Amazon S3.
## Explanation

**Correct Answer: C - Deploy a gateway VPC endpoint for Amazon S3.**

### Why this is the correct answer:

1. **VPC endpoints eliminate NAT gateway data transfer costs**: When EC2 instances access Amazon S3 through a NAT gateway, all traffic goes through the NAT gateway, incurring data transfer charges for both inbound and outbound traffic. Gateway VPC endpoints for S3 provide a private connection between your VPC and S3 without going through the internet or the NAT gateway.
2. **No data transfer charges**: With a gateway VPC endpoint, data transferred between EC2 instances and S3 within the same AWS Region does not incur data transfer charges. This is the most cost-effective solution.
3. **Maintains high availability**: Gateway VPC endpoints are highly available and automatically scale, providing better reliability than NAT solutions.

### Why the other options are incorrect:

**A. Launch the NAT gateway in each Availability Zone.**
- This would actually increase costs by deploying multiple NAT gateways (each incurs hourly charges).
- Data transfer charges would still apply for traffic going through NAT gateways.
- Does not solve the core issue of avoiding data transfer charges.

**B. Replace the NAT gateway with a NAT instance.**
- NAT instances are EC2 instances that perform NAT functions.
- They still incur data transfer charges for traffic to/from S3.
- Less reliable than NAT gateways (single point of failure).
- Requires management and scaling effort.

**D. Provision an EC2 Dedicated Host to run the EC2 instances.**
- Dedicated Hosts are for compliance/licensing requirements, not for reducing data transfer costs.
- They are more expensive than regular EC2 instances.
- Does not address the data transfer charges between EC2 and S3.

### Key AWS Concepts:

- **Gateway VPC Endpoints**: Private connection to AWS services (S3, DynamoDB) without an internet gateway, NAT device, VPN connection, or AWS Direct Connect.
- **Data Transfer Costs**: AWS charges for data transferred out of AWS services to the internet or between Availability Zones. Data transfer within the same Region via VPC endpoints is free.
- **NAT Gateway**: Managed NAT service that allows instances in private subnets to connect to the internet or other AWS services, but incurs data transfer charges.

### Best Practice Recommendation:

Always use VPC endpoints for accessing AWS services like S3 and DynamoDB when possible, to minimize data transfer costs and improve security by keeping traffic within the AWS network.
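A gateway endpoint works by adding a route for the S3 managed prefix list to each associated route table; a subnet whose route table was not associated keeps sending S3 traffic to the `0.0.0.0/0` NAT route and keeps paying for it. The following added example (written for this page, not LeetQuiz or AWS code) models that longest-prefix route selection offline so the "did every private subnet get the endpoint route?" check can be reasoned about, and builds a least-privilege endpoint policy that limits which buckets are reachable through the endpoint. All IDs, CIDRs, subnet names and bucket names in it are constructed placeholders; the real S3 prefix list is Region-specific and is published by AWS.

```python
"""Added example (not from the LeetQuiz page): models how a gateway VPC
endpoint diverts S3 traffic away from a NAT gateway, and builds a
least-privilege endpoint policy.  Every ID, CIDR, subnet and bucket name
below is a constructed placeholder, not a real AWS value."""
import ipaddress
import json

# Constructed stand-in for the Region's S3 managed prefix list.
S3_PREFIX_LIST_ID = "pl-00000000"
S3_PREFIX_LIST_CIDRS = ["52.216.0.0/15", "54.231.0.0/16"]


def resolve_route(route_table, dest_ip):
    """Pick the route for dest_ip by longest-prefix match, expanding a
    prefix-list destination into its CIDRs as the VPC router does.
    route_table: list of (destination, target) where destination is a CIDR
    or a prefix-list id.  Returns the target, or None if no route matches."""
    ip = ipaddress.ip_address(dest_ip)
    best_len, best_target = -1, None
    for dest, target in route_table:
        cidrs = S3_PREFIX_LIST_CIDRS if dest == S3_PREFIX_LIST_ID else [dest]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if ip in net and net.prefixlen > best_len:
                best_len, best_target = net.prefixlen, target
    return best_target


def audit_s3_path(route_tables, sample_s3_ip="52.216.1.1"):
    """Return {subnet: target} for every subnet whose S3 traffic does NOT
    leave through a gateway endpoint (target 'vpce-...'), i.e. subnets that
    still pay NAT data-transfer charges after the endpoint was created."""
    leaking = {}
    for subnet, rt in route_tables.items():
        target = resolve_route(rt, sample_s3_ip)
        if not str(target).startswith("vpce-"):
            leaking[subnet] = target
    return leaking


def endpoint_policy(bucket_names):
    """Least-privilege gateway endpoint policy: only the named buckets are
    reachable through the endpoint, so the VPC path cannot be used to move
    data to arbitrary buckets even if an instance role is over-permissive."""
    resources = []
    for bucket in bucket_names:
        resources += [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": "*",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
            "Resource": resources,
        }],
    }


# Constructed route tables: one private subnet per AZ, both defaulting to NAT.
BEFORE = {
    "subnet-a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0aaa")],
    "subnet-b": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "nat-0aaa")],
}
# After creating the endpoint but associating only subnet-a's route table:
# subnet-b was missed and still sends S3 traffic through the NAT gateway.
AFTER = {
    "subnet-a": BEFORE["subnet-a"] + [(S3_PREFIX_LIST_ID, "vpce-0s3")],
    "subnet-b": BEFORE["subnet-b"],
}

if __name__ == "__main__":
    print("still via NAT before:", audit_s3_path(BEFORE))
    print("still via NAT after :", audit_s3_path(AFTER))
    print(json.dumps(endpoint_policy(["image-uploads"]), indent=2))
```

The prefix-list route wins over `0.0.0.0/0` because its CIDRs are more specific, which is why no security-group or instance change is needed; the audit simply re-checks each route table against an S3 address so a missed association shows up instead of silently costing money. The endpoint policy is an extra control on top of bucket policies and instance roles, not a replacement for them.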
Author: LeetQuiz Editorial Team
A company runs a highly available image-processing application on Amazon EC2 instances in a single VPC. The EC2 instances run inside several subnets across multiple Availability Zones. The EC2 instances do not communicate with each other. However, the EC2 instances download images from Amazon S3 and upload images to Amazon S3 through a single NAT gateway. The company is concerned about data transfer charges. What is the MOST cost-effective way for the company to avoid Regional data transfer charges?
A. Launch the NAT gateway in each Availability Zone.
B. Replace the NAT gateway with a NAT instance.
C. Deploy a gateway VPC endpoint for Amazon S3.
D. Provision an EC2 Dedicated Host to run the EC2 instances.