Q46 — AWS SAA-C03 Ch.1
Q46. A company is storing sensitive user information in an Amazon S3 bucket. The company wants to provide secure access to this bucket from the application tier running on Amazon EC2 instances inside a VPC. Which combination of steps should a solutions architect take to accomplish this? (Select TWO.)
- A. Configure a VPC gateway endpoint for Amazon S3 within the VPC. ✓
- B. Create a bucket policy to make the objects in the S3 bucket public.
- C. Create a bucket policy that limits access to only the application tier running in the VPC. ✓
- D. Create an IAM user with an S3 access policy and copy the IAM credentials to the EC2 instance.
- E. Create a NAT instance and have the EC2 instances use the NAT instance to access the S3 bucket.
Correct Answer: A. Configure a VPC gateway endpoint for Amazon S3 within the VPC., C. Create a bucket policy that limits access to only the application tier running in the VPC.
Explanation
To give the application tier secure access to the sensitive user information in the bucket, combine two controls: a private network path and a bucket policy that only honours requests arriving over that path.

Configure a VPC gateway endpoint for Amazon S3 within the VPC (A): a gateway endpoint adds a route to the subnet route tables that sends S3-bound traffic across the AWS network, so the instances need neither public IP addresses, an internet gateway nor a NAT device to reach the bucket, and the data never traverses the public internet. There is no charge for a gateway endpoint, and it removes a NAT device as a bandwidth bottleneck and a host to maintain.

Create a bucket policy that limits access to only the application tier running in the VPC (C): the bucket policy defines who may reach the bucket and from where. A bucket policy cannot reference a security group, and aws:SourceIp does not match requests that arrive through a gateway endpoint, so the policy should key on the endpoint itself: an explicit Deny for every request whose aws:SourceVpce is not the application VPC's endpoint ID (or whose aws:SourceVpc is not the VPC ID). Because an explicit Deny overrides any Allow, the bucket stays unreachable from the internet even if the application's credentials leak. The application's own permissions should come from an IAM role attached to the instances as an instance profile, granted either in the role's policy or in the bucket policy.

Why the other options fail: B makes the sensitive objects readable by anyone on the internet. D places long-lived IAM user access keys on the instances, where anyone who compromises the host can read and reuse them; an instance role supplies short-lived, automatically rotated credentials instead. E routes the traffic through a NAT instance to S3's public endpoints over the internet, which is exactly the path the gateway endpoint avoids, and adds a host that must be patched, scaled and kept highly available.
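As an added example (not part of the exam page or any AWS documentation), the following Python builds the bucket policy that pairs with the gateway endpoint and then runs a deliberately simplified IAM evaluation over constructed request contexts, to show why traffic from the internet or a NAT path is denied while the same role via the endpoint is allowed. The bucket name, endpoint ID, account ID and role ARNs are placeholders; the evaluator models only the bucket policy (explicit Deny over Allow over implicit deny, plus the rule that a negated operator such as StringNotEquals matches when the condition key is absent) and ignores identity-based policies.

```python
"""Added example: S3 bucket policy locked to a gateway endpoint, with a
simplified evaluator. Names and IDs below are assumptions, not real resources."""
import json

BUCKET = "example-sensitive-user-data"                   # assumed bucket
APP_VPCE = "vpce-0123456789abcdef0"                      # assumed gateway endpoint
APP_ROLE = "arn:aws:iam::123456789012:role/app-tier"     # assumed instance role
ADMIN_ROLE = "arn:aws:iam::123456789012:role/s3-admin"   # assumed break-glass role


def bucket_policy(bucket, app_vpce, app_role, admin_role):
    """Allow the app role what it needs; Deny everything not via the endpoint.
    Keys inside one condition operator are ANDed, so the admin role is exempt
    from the Deny and cannot lock the account out of its own bucket."""
    res = [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowAppTierRole",  # role on the instances, not IAM user keys
                "Effect": "Allow",
                "Principal": {"AWS": app_role},
                "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
                "Resource": res,
            },
            {
                "Sid": "DenyUnlessViaAppVpcEndpoint",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": res,
                "Condition": {"StringNotEquals": {
                    "aws:SourceVpce": app_vpce,      # absent on internet/NAT paths
                    "aws:PrincipalArn": admin_role,  # exemption for break-glass admin
                }},
            },
        ],
    }


def _action_matches(stmt_action, action):
    actions = [stmt_action] if isinstance(stmt_action, str) else stmt_action
    return any(a in (action, "s3:*") for a in actions)


def _principal_matches(principal, ctx):
    if principal == "*":
        return True
    arns = principal.get("AWS", [])
    arns = [arns] if isinstance(arns, str) else arns
    return ctx.get("aws:PrincipalArn") in arns


def _condition_matches(condition, ctx):
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)  # None when the key is absent from the request
            if operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                if actual == expected:   # absent key keeps the condition true
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def evaluate(policy, ctx):
    """Bucket-policy-only decision: explicit Deny wins, then Allow, else implicit deny."""
    decision = "ImplicitDeny"
    for stmt in policy["Statement"]:
        if not (_principal_matches(stmt["Principal"], ctx)
                and _action_matches(stmt["Action"], ctx["action"])
                and _condition_matches(stmt.get("Condition", {}), ctx)):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        decision = "Allow"
    return decision


POLICY = bucket_policy(BUCKET, APP_VPCE, APP_ROLE, ADMIN_ROLE)

# Constructed request contexts (what S3 would see for each access path).
SAMPLE_REQUESTS = {
    "app role via gateway endpoint": {"aws:PrincipalArn": APP_ROLE, "action": "s3:GetObject",
                                      "aws:SourceVpce": APP_VPCE},
    "app role via NAT / internet": {"aws:PrincipalArn": APP_ROLE, "action": "s3:GetObject"},
    "leaked role creds, other endpoint": {"aws:PrincipalArn": APP_ROLE, "action": "s3:GetObject",
                                          "aws:SourceVpce": "vpce-0fedcba9876543210"},
    "anonymous via gateway endpoint": {"action": "s3:GetObject", "aws:SourceVpce": APP_VPCE},
    "admin role from the internet": {"aws:PrincipalArn": ADMIN_ROLE, "action": "s3:DeleteBucketPolicy"},
}


def run_samples():
    return {name: evaluate(POLICY, ctx) for name, ctx in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, decision in run_samples().items():
        print(f"{name:36s} -> {decision}")
```

The printed document is what you would hand to `aws s3api put-bucket-policy --bucket <name> --policy file://policy.json`. The "admin role from the internet" case returns ImplicitDeny from the bucket policy alone, meaning the Deny does not fire and the admin's own identity policy decides; without that exemption a misconfigured endpoint ID would leave nobody but the account root able to repair the policy.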