AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company is creating an application that runs on containers in a VPC. The application stores and accesses data in an Amazon S3 bucket. During the development phase, the application will store and access 1 TB of data in Amazon S3 each day. The company wants to minimize costs and wants to prevent traffic from traversing the internet whenever possible.
Which solution will meet these requirements?
Other
Community
UAnonymous
A
Enable S3 Intelligent-Tiering for the S3 bucket
B
Enable S3 Transfer Acceleration for the S3 bucket
C
Create a gateway VPC endpoint for Amazon S3. Associate this endpoint with all route tables in the VPC
D
Create an interface endpoint for Amazon S3 in the VPC. Associate this endpoint with all route tables in the VPC
Explanation:
Explanation
Correct Answer: C
Why Option C is correct:
- Cost minimization: Gateway VPC endpoints for S3 are free (no hourly charges or data processing fees). The only cost is the standard S3 data transfer and storage costs.
- Prevents internet traversal: Gateway VPC endpoints allow traffic between the VPC and S3 to stay within the AWS network, avoiding the public internet.
- Route table association: Associating the endpoint with all route tables ensures that all subnets in the VPC can use the endpoint.
Why other options are incorrect:
Option A (S3 Intelligent-Tiering):
- This is a storage class optimization feature that automatically moves data between access tiers based on access patterns.
- It helps reduce storage costs but does NOT prevent traffic from traversing the internet.
- The application still needs to access S3 over the internet unless combined with other networking solutions.
Option B (S3 Transfer Acceleration):
- This feature uses CloudFront's edge locations to accelerate uploads to S3.
- It actually routes traffic through the internet (via CloudFront edge locations), which contradicts the requirement to prevent internet traversal.
- It may increase costs due to CloudFront data transfer charges.
Option D (Interface endpoint for Amazon S3):
- Interface endpoints (AWS PrivateLink) are available for many AWS services, but for S3 specifically, gateway endpoints are the recommended and cost-effective solution.
- Interface endpoints incur hourly charges and data processing fees, which would increase costs.
- Gateway endpoints are specifically designed for S3 and are more cost-effective.
Key AWS Concepts:
- Gateway VPC Endpoint: A horizontally scaled, redundant gateway that allows private connectivity between VPC and supported AWS services (like S3) without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect.
- Interface VPC Endpoint: Uses AWS PrivateLink technology and provides private connectivity to services that support it, but typically incurs costs.
- For S3 access from within a VPC, gateway endpoints are the most cost-effective solution for keeping traffic within AWS network.
Additional Considerations:
- The application processes 1 TB of data daily, so keeping this traffic within AWS network avoids potential internet bandwidth costs and improves security.
- Gateway endpoints work with S3 bucket policies and IAM policies to control access.
- This solution meets both requirements: minimizing costs (free endpoint) and preventing internet traversal (traffic stays within AWS network).
Comments
Loading comments...