What is the MOST secure way to access the table while ensuring that the traffic does not leave the AWS network?
Use a VPC endpoint for DynamoDB.
Use a NAT gateway in a public subnet.
Use a NAT instance in a private subnet.
Use the internet gateway attached to the VPC.
Explanations:
A VPC endpoint for DynamoDB allows instances in private subnets to access DynamoDB securely without needing an internet gateway or a NAT device. The traffic remains within the AWS network.
A NAT gateway in a public subnet would route traffic to the internet for DynamoDB access, exposing the data to the public network.
A NAT instance in a private subnet would also require an internet gateway to access DynamoDB, making it less secure as it routes traffic outside the AWS network.
Using an internet gateway would send traffic outside of the AWS network, which is not secure for accessing resources like DynamoDB from private subnets.