AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company runs a photo processing application that needs to frequently upload and download pictures from Amazon S3 buckets that are located in the same AWS Region. A solutions architect has noticed an increased cost in data transfer fees and needs to implement a solution to reduce these costs.

How can the solutions architect meet this requirement?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it.

Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets.

Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets.

Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets.

Explanation:

Explanation

Correct Answer: D - Deploy an S3 VPC gateway endpoint into the VPC and attach an endpoint policy that allows access to the S3 buckets.

Why Option D is Correct:

S3 VPC Gateway Endpoints: These are specifically designed to allow private connectivity between your VPC and Amazon S3 without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect.
Cost Reduction: When using S3 VPC endpoints:
- Data transfer between your VPC and S3 in the same AWS Region is free (no data transfer charges)
- Traffic stays within the AWS network and doesn't traverse the public internet
- Eliminates NAT gateway data processing charges
Security Benefits:
- Traffic remains within the AWS network
- Can use endpoint policies to restrict access to specific S3 buckets
- No exposure to the public internet

Why Other Options Are Incorrect:

A. Deploy Amazon API Gateway into a public subnet and adjust the route table to route S3 calls through it.

API Gateway is for creating RESTful APIs, not for optimizing S3 access
This would add complexity and potentially increase costs
Doesn't address the data transfer fee issue

B. Deploy a NAT gateway into a public subnet and attach an endpoint policy that allows access to the S3 buckets.

NAT gateways incur data processing charges ($0.045 per GB)
Traffic still goes through the public internet
Doesn't reduce data transfer costs

C. Deploy the application into a public subnet and allow it to route through an internet gateway to access the S3 buckets.

This is the current problematic setup
Uses public internet, incurring data transfer fees
Least secure option

Key AWS Concepts:

VPC Endpoints: Provide private connectivity to AWS services
S3 Gateway Endpoints: Specifically for S3, free data transfer within same region
Endpoint Policies: IAM-like policies to control access through the endpoint

Best Practice:**

When applications in a VPC need frequent access to S3 in the same region, always use S3 VPC gateway endpoints to eliminate data transfer costs and improve security.

Powered ByGPT-5.2

Comments

Loading comments...