Q12 — AWS SAA-C03 Ch.1
Q12. An application runs on Amazon EC2 instances in private subnets. The application needs to access an Amazon DynamoDB table. What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
- A. Use a VPC endpoint for DynamoDB. ✓
- B. Use a NAT gateway in a public subnet.
- C. Use a NAT instance in a private subnet.
- D. Use the internet gateway attached to the VPC.
Correct Answer: A. Use a VPC endpoint for DynamoDB.
Explanation
Keywords: private subnets; the application needs to access DynamoDB. Condition: the traffic must not leave the AWS network. DynamoDB is reached through a VPC endpoint, specifically a VPC gateway endpoint.

- Option A wins: a VPC endpoint for DynamoDB keeps the traffic on the AWS network.
- Option B is out of the race: it does not meet the condition (the traffic would leave the AWS network).
- Option C is out of the race: it does not meet the condition.
- Option D is out of the race: it does not meet the condition.

VPC endpoints. An interface endpoint uses AWS PrivateLink and is an elastic network interface (ENI) with a private IP address that serves as an entry point for traffic destined to a supported service. Using PrivateLink you can connect your VPC to supported AWS services, services hosted by other AWS accounts (VPC endpoint services), and supported AWS Marketplace partner services.

AWS PrivateLink access over Inter-Region VPC Peering: applications in an AWS VPC can securely access AWS PrivateLink endpoints across AWS Regions using Inter-Region VPC Peering. AWS PrivateLink allows you to privately access services hosted on AWS in a highly available and scalable manner, without using public IPs and without requiring the traffic to traverse the Internet. Customers can privately connect to a service even if the service endpoint resides in a different AWS Region. Traffic using Inter-Region VPC Peering stays on the global AWS backbone and never traverses the public Internet.

A gateway endpoint is a gateway that is the target for a specified route in your route table, used for traffic destined to a supported AWS service. An interface VPC endpoint (interface endpoint) enables you to connect to services powered by AWS PrivateLink. The table below highlights some key information about both types of endpoint.

References:
- https://aws.amazon.com/vpc/?nc2=h_ql_prod_nt_avpc
- https://youtu.be/jZAvKgqlrjY

Save time with our exam-specific cheat sheets:
- https://digitalcloud.training/certification-training/aws-solutions-architect-associate/networking-and-content-delivery/amazon-vpc/
- https://tutorialsdojo.com/amazon-vpc/
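As an added example (not from the original page and not AWS's own code), a CloudFormation template that creates the gateway endpoint for DynamoDB, attaches it to the private subnets' route table, and scopes the endpoint policy to the one table the application uses. The VpcId, PrivateRouteTableId and TableName parameters are placeholders assumed for this example.

```yaml
# Added example (not from the original page). Creates a gateway endpoint so
# that EC2 instances in private subnets reach DynamoDB over the AWS network
# without a NAT gateway, NAT instance or internet gateway.
AWSTemplateFormatVersion: '2010-09-09'
Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  PrivateRouteTableId:
    Type: String            # route table used by the private subnets (placeholder)
  TableName:
    Type: String            # the DynamoDB table the application uses (placeholder)
Resources:
  DynamoDbGatewayEndpoint:
    Type: AWS::EC2::VPCEndpoint
    Properties:
      VpcId: !Ref VpcId
      ServiceName: !Sub 'com.amazonaws.${AWS::Region}.dynamodb'
      VpcEndpointType: Gateway
      # AWS inserts a route for the DynamoDB prefix list into this route table
      # with the endpoint as its target; that is what keeps the traffic private.
      RouteTableIds:
        - !Ref PrivateRouteTableId
      # Endpoint policy: only the application's table (and its indexes) is
      # reachable through this endpoint, and only with the actions it needs.
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: '*'
            Action:
              - dynamodb:GetItem
              - dynamodb:PutItem
              - dynamodb:Query
            Resource:
              - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}'
              - !Sub 'arn:aws:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${TableName}/index/*'
```

The endpoint policy does not replace the IAM policy on the instance role; a request succeeds only if both allow it, so the endpoint policy acts as a second, network-level boundary on what can be reached from these subnets.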