Q58 — AWS ANS-C01 Ch.1

Question 58 of 100, Chapter 1

A real estate company is building an internal application so that real estate agents can upload photos and videos of various properties. The application will store these photos and videos in an Amazon S3 bucket as objects and will use Amazon DynamoDB to store the corresponding metadata. The S3 bucket will be configured to publish all PUT events for new object uploads to an Amazon Simple Queue Service (Amazon SQS) queue. A compute cluster of Amazon EC2 instances will poll the SQS queue to find out about newly uploaded objects. The cluster will retrieve new objects, perform proprietary image and video recognition and classification, update the metadata in DynamoDB, and replace the objects with new watermarked objects. The company does not want public IP addresses on the EC2 instances. Which networking design solution will meet these requirements MOST cost-effectively as application usage increases?

Correct Answer: C. Place the EC2 instances in a private subnet. Create an interface VPC endpoint for Amazon SQS. Create gateway VPC endpoints for Amazon S3 and DynamoDB.

Explanation

C is the design that keeps the instances off the public internet at the lowest cost as volume grows. Placing the EC2 instances in a private subnet gives them no public IP addresses and no inbound path from the internet, which satisfies the stated requirement. Gateway VPC endpoints exist only for Amazon S3 and Amazon DynamoDB: they are added as a target in the private subnets' route tables, carry no hourly or per-GB charge, and let the instances fetch the uploaded objects, write back the watermarked copies, and update the metadata table without a NAT gateway, whose per-GB data-processing fee would grow with every photo and video uploaded. Amazon SQS has no gateway endpoint, so the only private path to it is an interface VPC endpoint (AWS PrivateLink), which places an elastic network interface in each chosen subnet and is billed per hour per Availability Zone plus per GB processed; because the polling messages are tiny compared with the media objects, that cost stays small and predictable. Routing everything through a NAT gateway, or using interface endpoints for S3 and DynamoDB as well, would add data-processing charges that scale with usage, which is why C is the most cost-effective choice as the application grows.
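As an added example, not taken from the exam page or from any AWS sample solution, the following Terraform defines the network design in answer C: two gateway endpoints attached to the private route tables and one interface endpoint for SQS, each with an endpoint policy scoped to the single bucket, table and queue the cluster uses. The region, VPC, route-table, subnet and security-group IDs and the bucket, table and queue ARNs are placeholder assumptions.

```hcl
# Added example for answer C; not taken from the exam page or from any AWS sample.
# Every ID and ARN below is a placeholder assumption for illustration.
variable "region"             { default = "us-east-1" }
variable "vpc_id"             { default = "vpc-0123456789abcdef0" }
variable "private_rt_ids"     { default = ["rtb-0123456789abcdef0"] }
variable "private_subnet_ids" { default = ["subnet-0123456789abcdef0", "subnet-0123456789abcdef1"] }
variable "instance_sg_id"     { default = "sg-0123456789abcdef0" }
variable "media_bucket_arn"   { default = "arn:aws:s3:::example-property-media" }
variable "metadata_table_arn" { default = "arn:aws:dynamodb:us-east-1:123456789012:table/PropertyMetadata" }
variable "upload_queue_arn"   { default = "arn:aws:sqs:us-east-1:123456789012:property-uploads" }

# S3: gateway endpoint. It is a route-table target, not an ENI, and has no
# hourly or per-GB charge. The endpoint policy confines traffic through it
# to the media bucket, so a compromised instance cannot reach arbitrary buckets.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_rt_ids

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["s3:GetObject", "s3:PutObject"]
      Resource  = ["${var.media_bucket_arn}/*"]
    }]
  })
}

# DynamoDB: the only other service with a gateway endpoint. Scoped to the
# metadata table and to the calls the classifier actually needs.
resource "aws_vpc_endpoint" "dynamodb" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.dynamodb"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = var.private_rt_ids

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem"]
      Resource  = [var.metadata_table_arn]
    }]
  })
}

# SQS has no gateway endpoint, so an interface endpoint (PrivateLink) is the
# only private path. It places an ENI in each private subnet and is billed per
# hour per AZ plus per GB, which is acceptable for small polling messages.
resource "aws_security_group" "sqs_endpoint" {
  name        = "sqs-endpoint"
  description = "HTTPS to the SQS endpoint ENIs from the compute cluster only"
  vpc_id      = var.vpc_id

  ingress {
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [var.instance_sg_id]
  }
}

resource "aws_vpc_endpoint" "sqs" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.region}.sqs"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.private_subnet_ids
  security_group_ids  = [aws_security_group.sqs_endpoint.id]
  # With private DNS, sqs.<region>.amazonaws.com resolves to the endpoint ENIs,
  # so the poller's SDK needs no endpoint override.
  private_dns_enabled = true

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = "*"
      Action    = ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:ChangeMessageVisibility"]
      Resource  = [var.upload_queue_arn]
    }]
  })
}
```

Two caveats a practitioner should check before applying this. The S3 endpoint policy scoped to one bucket also blocks every other bucket reached through the endpoint, including the Amazon Linux package repositories hosted in S3, so instances that need OS updates, SSM or ECR must get those buckets or endpoints added separately. `private_dns_enabled` only works when the VPC has DNS support and DNS hostnames enabled. The bucket's event notification to SQS and the queue's access policy are configured on the bucket and the queue, not on the network, and are outside this block.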