Q32 — AWS DVA-C02 Ch.3


A company has multiple Amazon VPC endpoints in the same VPC. A developer wants to configure an Amazon S3 bucket policy so users can access the S3 bucket only through these VPC endpoints. Which solution meets these requirements?

Correct Answer: D. Create a single S3 bucket policy with multiple aws:sourceVpce values in a StringNotEquals condition—one for each VPC endpoint.

Explanation

Option D provides a solution that covers all of the VPC endpoints. It lists multiple aws:sourceVpce values in a single StringNotEquals condition (used in a Deny statement), so requests that do not arrive through one of those specific VPC endpoints are refused and only traffic from them can reach the S3 bucket. Options A and C each rely on a single StringNotEquals condition with one endpoint value and thus cannot cover multiple distinct endpoints. Option B uses aws:SourceVpc, which restricts by VPC rather than by individual VPC endpoint, and therefore does not enforce endpoint-specific access control. Hence, Option D best fulfills the requirement.