Which solution will meet these requirements?
Configure an S3 gateway endpoint.
Create an S3 bucket in a private subnet.
Create an S3 bucket in the same AWS Region as the EC2 instances.
Configure a NAT gateway in the same subnet as the EC2 instances.
Explanations:
Configuring an S3 gateway endpoint allows EC2 instances in a VPC to access S3 directly without going through the internet, complying with the security regulations.
Creating an S3 bucket in a private subnet does not make sense, as S3 is a global service and does not reside in a VPC or subnet. Buckets cannot be placed in private subnets.
While creating an S3 bucket in the same AWS Region as the EC2 instances is a good practice, it does not address the requirement of preventing internet traffic.
Configuring a NAT gateway allows instances in a private subnet to access the internet, which violates the company’s security regulations prohibiting internet traffic.