
A company has a service that reads and writes large amounts of data from an Amazon S3 bucket in the same AWS Region. The service is deployed on Amazon EC2 instances within the private subnet of a VPC. The service communicates with Amazon S3 over a NAT gateway in the public subnet. However, the company wants a solution that will reduce the data output costs.
Which solution will meet these requirements MOST cost-effectively?
A. Provision a dedicated EC2 NAT instance in the public subnet. Configure the route table for the private subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
B. Provision a dedicated EC2 NAT instance in the private subnet. Configure the route table for the public subnet to use the elastic network interface of this instance as the destination for all S3 traffic.
C. Provision a VPC gateway endpoint. Configure the route table for the private subnet to use the gateway endpoint as the route for all S3 traffic.
D. Provision a second NAT gateway. Configure the route table for the private subnet to use this NAT gateway as the destination for all S3 traffic.
Explanation:
Correct Answer: C - Provision a VPC gateway endpoint.
Why this is the most cost-effective solution:
VPC Gateway Endpoints for S3 are free - Unlike NAT gateways which charge for data processing and data transfer, VPC gateway endpoints for S3 have no additional charges beyond the standard S3 request costs.
Eliminates NAT Gateway Costs - The current solution uses a NAT gateway, which incurs:
Direct Private Connectivity - VPC gateway endpoints provide private connectivity between your VPC and S3 without traversing the public internet or requiring NAT devices.
Same Region Advantage - Since the S3 bucket is in the same AWS Region, using a VPC gateway endpoint keeps all traffic within the AWS network, avoiding data transfer costs.
Why the other options are not optimal:
A & B (EC2 NAT instances): These would still incur EC2 instance costs, data transfer costs, and require management overhead. They don't eliminate the fundamental issue of paying for data transfer through NAT devices.
D (Second NAT gateway): This would actually increase costs by adding another NAT gateway with its associated hourly and data processing charges.
Key AWS Concepts:
Implementation: The solution requires creating an S3 VPC gateway endpoint and updating the route table for the private subnet to route S3 traffic (0.0.0.0/0 or specific S3 prefixes) through the VPC endpoint rather than the NAT gateway.
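The implementation described above, as an added CloudFormation example that is not part of the original explanation. The parameter names and the bucket-scoped endpoint policy are assumptions; the existing default route to the NAT gateway stays in place for non-S3 traffic.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "S3 gateway endpoint for the private subnet (added example, names are assumptions)"

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTableId:
    Type: String
    Description: Route table associated with the private subnet that hosts the service
  DataBucketName:
    Type: String
    Description: Bucket the service reads and writes (placeholder, supplied at deploy time)

Resources:
  S3GatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcEndpointType: Gateway
      VpcId: !Ref VpcId
      ServiceName: !Sub com.amazonaws.${AWS::Region}.s3
      # Associating the route table makes AWS add a route whose destination is
      # the AWS-managed S3 prefix list for the Region and whose target is this
      # endpoint. That route is more specific than the NAT default route, so
      # same-Region S3 traffic stops flowing through the NAT gateway.
      RouteTableIds:
        - !Ref PrivateRouteTableId
      # Assumption: limit the endpoint to the one bucket the service uses
      # rather than keeping the default policy, which allows any S3 action
      # on any bucket reachable through the endpoint.
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: "*"
            Action:
              - s3:GetObject
              - s3:PutObject
              - s3:ListBucket
            Resource:
              - !Sub arn:${AWS::Partition}:s3:::${DataBucketName}
              - !Sub arn:${AWS::Partition}:s3:::${DataBucketName}/*

Outputs:
  EndpointId:
    Description: ID of the gateway endpoint, usable in an aws:sourceVpce bucket policy condition
    Value: !Ref S3GatewayEndpoint
```

With a bucket-scoped endpoint policy, instances that also fetch from AWS-owned S3 buckets (for example OS package repositories or container image layers) need those buckets added to the policy, otherwise the requests are denied at the endpoint.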