Which combination of actions will meet the requirements?
(Choose two.)
Configure the bucket policy to only allow access through the S3 Private Endpoint.
Modify the VPC endpoint policy on the bucket to only allow the VPC to access it.
Modify the VPC peering configuration to only allow access to the S3 Private Endpoint.
Configure the VPC endpoint policy to only allow the VPC to access the specific S3 bucket.
Configure the IAM policy attached to the S3 bucket to only allow access from the specific VPC.
Explanations:
Configuring the bucket policy to allow access only through the S3 Private Endpoint ensures that only requests arriving via the VPC endpoint can reach the bucket. This enforces that access is restricted to the VPC endpoint and that requests over the public S3 endpoint are rejected.
The VPC endpoint policy controls what resources in the VPC can access S3, but it doesn’t directly restrict S3 access to a specific bucket. The bucket policy should be used to enforce access control at the bucket level.
VPC peering connects VPCs but does not control S3 access. VPC peering is not necessary in this case, as the requirement is to restrict access to the S3 bucket from the VPC through a VPC endpoint.
The VPC endpoint policy can be used to restrict access to specific S3 buckets by defining the allowed actions and resources, ensuring only the desired S3 bucket is accessible through the endpoint.
IAM policies control user or role access to S3, but they cannot restrict access based on the VPC from which the request originates. The restriction needs to be enforced at the endpoint or bucket policy level, not the IAM policy.
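The two policies behind the correct answers, as an added example that is not part of the original question or its explanation: a bucket policy that denies every request not arriving through the named VPC endpoint (covering the first explanation) and a VPC endpoint policy that only forwards requests for that one bucket (covering the fourth). The bucket name, endpoint id and the three S3 actions are placeholders; `aws:SourceVpce` is the real condition key S3 evaluates for gateway endpoints.

```bash
#!/bin/sh
# Added example, not code from the original page. The values below are
# placeholders: override them with BUCKET=... VPCE_ID=... when running.
BUCKET="${BUCKET:-example-private-bucket}"     # placeholder bucket name
VPCE_ID="${VPCE_ID:-vpce-0123456789abcdef0}"    # placeholder gateway endpoint id

# Bucket policy: an explicit Deny for every principal unless the request came
# through the VPC endpoint. Deny overrides any Allow, so access over the public
# S3 endpoint (console, Internet, other VPCs) is blocked even for the bucket owner.
bucket_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnlessFromVpcEndpoint",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::${BUCKET}",
        "arn:aws:s3:::${BUCKET}/*"
      ],
      "Condition": {
        "StringNotEquals": { "aws:SourceVpce": "${VPCE_ID}" }
      }
    }
  ]
}
EOF
}

# VPC endpoint policy: the endpoint only allows requests for this one bucket,
# so instances in the VPC cannot reach any other S3 bucket through it.
endpoint_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "OnlyThisBucketThroughEndpoint",
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": [
        "arn:aws:s3:::${BUCKET}",
        "arn:aws:s3:::${BUCKET}/*"
      ]
    }
  ]
}
EOF
}

# Apply both with the AWS CLI. Only runs when APPLY=1, so by default the script
# just prints the two documents for review.
apply_policies() {
  aws s3api put-bucket-policy --bucket "$BUCKET" --policy "$(bucket_policy)"
  aws ec2 modify-vpc-endpoint --vpc-endpoint-id "$VPCE_ID" \
    --policy-document "$(endpoint_policy)"
}

if [ "${APPLY:-0}" = "1" ]; then
  apply_policies
else
  bucket_policy
  endpoint_policy
fi
```

Run it without arguments to inspect the generated JSON, then with `APPLY=1 BUCKET=... VPCE_ID=...` to apply. Because the bucket policy denies `Principal: "*"`, it also locks out administrators working outside the VPC; apply it from inside the VPC or keep a break-glass path planned before doing so. The endpoint policy complements it: the bucket policy stops traffic that bypasses the endpoint, while the endpoint policy stops the endpoint from being used to reach other buckets.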