What should the solutions architect do to meet these requirements?

By:
On:
In: SAA-C02
Tagged:
With: 0 Comments
A solutions architect is creating an application.The application will run on Amazon EC2 instances in private subnets across multiple Availability Zones in a VPC.The EC2 instances will frequently access large files that contain confidential information.These files are stored in Amazon S3 buckets for processing.The solutions architect must optimize the network architecture to minimize data transfer costs.

What should the solutions architect do to meet these requirements?

Create a gateway endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the gateway endpoint.

Create a single NAT gateway in a public subnet. In the route tables for the private subnets, add a default route that points to the NAT gateway.

Create an AWS PrivateLink interface endpoint for Amazon S3 in the VPC. In the route tables for the private subnets, add an entry for the interface endpoint.

Create one NAT gateway for each Availability Zone in public subnets. In each of the route tables for the private subnets, add a default route that points to the NAT gateway in the same Availability Zone.

Explanations:

Creating a gateway endpoint for Amazon S3 allows EC2 instances in private subnets to access S3 without needing a NAT gateway or public internet. This optimizes data transfer costs because traffic remains within the AWS network, avoiding data transfer charges associated with public internet access. Adding an entry for the gateway endpoint in the route tables directs the traffic appropriately.

A NAT gateway would require the EC2 instances to route their traffic through it to access S3, which involves data transfer charges for traffic going out to the internet. This option does not optimize network architecture for accessing large files stored in S3, especially for confidential information, as it doesn’t keep the traffic within AWS infrastructure.

AWS PrivateLink provides a way to privately connect VPCs and services, but it does not apply to Amazon S3 since S3 does not support interface endpoints. The solution would not work for accessing S3, making this option incorrect.

Although creating a NAT gateway in each Availability Zone improves availability and reduces latency, it still requires traffic to go through the NAT gateway for S3 access. This incurs data transfer costs and does not minimize data transfer expenses as required. Furthermore, using NAT gateways does not provide a direct path to S3 without public internet involvement.

Leave a Reply

Your email address will not be published. Required fields are marked *

4 × two =