Q55 — AWS SAA-C03 Ch.5

Q355. An application that is hosted on Amazon EC2 instances needs to access an Amazon S3 bucket. Traffic must not traverse the internet. How should a solutions architect configure access to meet these requirements?

Correct Answer: B. Set up a gateway VPC endpoint for Amazon S3 in the VPC

Explanation

B. Set up a gateway VPC endpoint for Amazon S3 in the VPC: By setting up a gateway VPC endpoint for Amazon S3 in the VPC, the EC2 instances can access the S3 bucket over the AWS network without traffic traversing the internet. This approach ensures secure and efficient communication between the EC2 instances and the S3 bucket.

Option A involves creating a private hosted zone using Route 53, which is used for DNS resolution and may not provide direct access to S3.

Option C involves configuring the EC2 instances to use a NAT gateway to access the S3 bucket, which may introduce additional complexity and operational overhead.

Option D involves establishing an AWS Site-to-Site VPN connection between the VPC and the S3 bucket, which may not be as efficient as using a gateway VPC endpoint for S3.