
AWS Certified SysOps Administrator Associate: Securely Access Amazon S3 Buckets from EC2 Instances in a Private Subnet with AWS S3 Gateway Endpoint

Learn how to provide secure access to Amazon S3 buckets from EC2 instances in a private subnet without requiring any changes to the instances or the application. Use an AWS S3 gateway endpoint to maintain private subnet isolation while giving the instances access to the S3 buckets.


Question

A company has deployed an application on Amazon EC2 instances in a single VPC. The company has placed the EC2 instances in a private subnet in the VPC.

The EC2 instances need access to Amazon S3 buckets that are in the same AWS Region as the EC2 instances. A SysOps administrator must provide the EC2 instances with access to the S3 buckets without requiring any changes to the EC2 instances or the application. The EC2 instances must not have access to the internet.

Which solution will meet these requirements?

A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.
B. Create an S3 interface endpoint. Associate the EC2 instances with the interface endpoint.
C. Configure a NAT gateway. Associate the private subnet with the NAT gateway.
D. Configure a proxy EC2 instance. Update the private subnet route tables to route traffic through the proxy EC2 instance. Configure the proxy to route all S3 requests to the target S3 bucket.

Answer

A. Create an S3 gateway endpoint that uses the default gateway endpoint policy. Associate the private subnet with the gateway endpoint.

Explanation

Option A meets the requirements because it lets the EC2 instances access the S3 buckets without requiring any changes to the EC2 instances or the application. The default gateway endpoint policy allows the EC2 instances to access the S3 buckets through the gateway endpoint, while the private subnet stays isolated from the internet.
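
One way to check the outcome described above, as an added example that is not part of the original page: the function reads JSON in the shape returned by `aws ec2 describe-route-tables` and confirms that the private subnet's route table sends the S3 prefix list to a gateway endpoint and carries no default route. The sample document, every ID in it, and the function names are constructed for illustration; the real S3 prefix list ID is Region-specific and has to be looked up for your Region.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-route-tables`.
# Every ID below is a made-up placeholder, not a real resource.
SAMPLE = json.loads("""
{"RouteTables": [
  {"RouteTableId": "rtb-private-example",
   "Associations": [{"SubnetId": "subnet-private-example", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationPrefixListId": "pl-s3-example", "GatewayId": "vpce-s3-example", "State": "active"}]},
  {"RouteTableId": "rtb-nat-example",
   "Associations": [{"SubnetId": "subnet-nat-example", "Main": false}],
   "Routes": [
     {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
     {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]}
]}
""")

def route_table_for(subnet_id, tables):
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def audit_subnet(subnet_id, s3_prefix_list_id, doc):
    """Report whether the subnet reaches S3 via a gateway endpoint and has no default route."""
    rt = route_table_for(subnet_id, doc["RouteTables"])
    if rt is None:
        raise LookupError(f"no route table found for {subnet_id}")
    active = [r for r in rt["Routes"] if r.get("State") == "active"]
    s3_via_endpoint = any(
        r.get("DestinationPrefixListId") == s3_prefix_list_id
        and r.get("GatewayId", "").startswith("vpce-")
        for r in active)
    default_routes = [r for r in active
                      if r.get("DestinationCidrBlock") == "0.0.0.0/0"
                      or r.get("DestinationIpv6CidrBlock") == "::/0"]
    return {"route_table": rt["RouteTableId"],
            "s3_via_gateway_endpoint": s3_via_endpoint,
            "internet_path": bool(default_routes),
            "meets_requirements": s3_via_endpoint and not default_routes}
```

The second constructed route table models option C: its default route to a NAT gateway gives the subnet a path to the internet, so the audit marks it as not meeting the requirements.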
